Correlation Rule

Definition

1. 1.SIEM logic that links multiple events to detect suspicious activity patterns.

Example

A correlation rule triggered on repeated failed logins followed by success.

Related Exams