Hi I'm newbie with the envision, I've read some documentation, watched several presentations and podcasts, but still not found the answer what is the difference between using circuit and statements. What are bad practice or inefficient use of using of Circuit or/and statements, what are the limitations of both. Any examples where should I use more then one circuit instead of one circuit with many statements? Is it true that, if you use multiple circuits and each circuit analyze for example: Windows Event logs then all events from Windows are analyzed separately and it could be example of inefficient use? In example: brute force attack . We can do correlation rule using: A) 1 circuit and several statements or B) several circuit each which 1 statements Which way is better?or maybe it depends - if so, from what it depends? Thank you for any kind of information/best practice and so one.