Correlation Rules help you analyze correlations of multi-events from multiple sources by using the Cortex Query Language based engine for creating scheduled rules.
Correlation Rules help you analyze correlations of multi-events from multiple sources by using the Cortex Query Language (XQL) based engine for creating scheduled rules called Correlation Rules. Alerts can then be triggered based on these Correlation Rules with a defined time frame and set schedule, including every X minutes, once a day, once a week, or a custom time.
Once you have configured your Correlation Rules, you can manage the Correlation Rules in the Correlation Rules page, view and analyze the alerts generated from the Correlation Rules in the Alerts and Incidents pages. In addition, these Correlation Rules are factored into the number of incidents displayed in the dashboard.