Log Management Features

Correlation

The EventCorrelator is an important and powerful tool in the hands of the system administrator and is crucial for maximizing the value of event log management and analysis. Often the clues to an ongoing attack are scattered across multiple systems and devices, and it becomes nearly impossible to detect these subtle signs manually in real time.

The EventCorrelator enables defense in depth: security information is collected from perimeter devices, systems and applications, and rules run on events from multiple servers and domains to detect patterns of behavior indicating a breach of security. For example, an intruder could be attempting to break into your systems while moving from system to system to avoid triggering an alert for too many failed logins on any one system. A correlation rule can be set to alert after a number of login failures by a single user or IP address during a certain period of time across any of the machines in the enterprise, enabling these types of attacks to be quickly uncovered.
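The cross-host threshold rule described above can be sketched as follows. This is an added example, not EventCorrelator's own rule syntax or code; the event fields, the threshold of 5 and the 10-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (time, host, user, source IP, outcome).
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "web01", "admin", "203.0.113.7", "failure"),
    ("2024-01-01T10:00:00", "web01", "admin", "203.0.113.7", "failure"),
    ("2024-01-01T10:01:00", "db01", "root", "203.0.113.7", "failure"),
    ("2024-01-01T10:01:30", "hr-ws3", "alice", "10.0.0.5", "failure"),
    ("2024-01-01T10:02:00", "hr-ws3", "alice", "10.0.0.5", "success"),
    ("2024-01-01T10:03:00", "mail01", "admin", "203.0.113.7", "failure"),
    ("2024-01-01T10:05:00", "dc01", "root", "203.0.113.7", "failure"),
    ("2024-01-01T10:07:00", "file01", "admin", "203.0.113.7", "failure"),
]

def correlate_failed_logins(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when one user or one source IP accumulates `threshold` login
    failures inside `window`, counted across every host, not per host."""
    recent = defaultdict(deque)  # ("user"|"ip", value) -> deque of (time, host)
    alerts = []
    for ts, host, user, ip, outcome in sorted(events):  # ISO times sort in order
        if outcome != "failure":
            continue
        when = datetime.fromisoformat(ts)
        for key in (("user", user), ("ip", ip)):
            seen = recent[key]
            seen.append((when, host))
            # Slide the window: drop failures older than `window`.
            while when - seen[0][0] > window:
                seen.popleft()
            if len(seen) >= threshold:
                alerts.append({
                    "key": key,
                    "time": ts,
                    "count": len(seen),
                    "hosts": sorted({h for _, h in seen}),
                })
                seen.clear()  # re-arm so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for alert in correlate_failed_logins(SAMPLE_EVENTS):
        print(alert)
```

In the sample no host sees more than one failure inside the window, so a per-host counter would stay silent, while the source IP crosses the threshold once its failures are counted across all five hosts.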

Event correlation helps you:

  • Identify unauthorized logon activity
  • Monitor unauthorized network port usage
  • Monitor logon/logoff activity
  • Manage Active Directory OU delegation

EventCorrelator provides:

  • Out-of-the-box correlation rules to detect the most common and critical security conditions in real time
  • The ability to create customized correlation rules and actions
  • Support for Heuristic, Vector, Threshold, Comparison and Redirecting Correlation scenarios