This topic describes the features for creating and managing correlation rules in the Services Config view > Correlation Rules tab.
The Correlation Rules tab enables you to manage correlation rules. Basic correlation rules are applied at the session level and alert the user to specific activities that may be occurring in their environment. Security Analytics applies correlation rules over a configurable sliding time window.
The toolbar on the Correlation Rules tab is common to all types of rules. Services Config View - Rules Tabs provides information on the common rules toolbar and actions.
To access the Correlation Rules tab:
- In the Security Analytics menu, select Administration > Services.
- Select a service and >View > Config.
The Config view for the selected service is displayed.
- Click the Correlation Rules tab.
The following figure shows the Correlation Rules tab.
The following figure shows the Rule Editor dialog for a correlation rule.
The following table describes the Correlation Rules tab columns.
The Rule Editor dialog provides the fields and options needed to define a network rule. The fields correspond exactly to the grid columns.