Creating correlation rules to monitor data ingestion health

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-10
Category: Administrator Guide

Abstract: See examples of correlation rules for monitoring data ingestion health.

In addition to the out-of-the-box (OOTB) Ingestion health alerts, you can build your own ingestion monitoring logic by creating correlation rules that are specific to your requirements. You can create rules that monitor the data ingestion metrics for a specific source within a specific timeframe, and trigger ingestion health alerts if there is a deviation from the regular pattern of log collection.

The following examples can help you to set up your own correlation rules with the data ingestion metrics: