Working with Correlation Rules - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Correlation Rules are scheduled rules, built on the Cortex Query Language (XQL) engine, that help you analyze correlations between multiple events from multiple sources. Alerts can then be triggered by these Correlation Rules over a defined time frame and on a set schedule, including every X minutes, once a day, once a week, or a custom time.

Once you have configured your Correlation Rules, you can manage them on the Correlation Rules page, and view and analyze the alerts they generate on the Alerts and Incidents pages. In addition, these Correlation Rules are factored into the number of incidents displayed in the dashboard.