I figured I'd post some correlation stuff we are doing in order to encourage others to share some more correlation work. I know the contest is done, but I'm hoping more to leverage the userbase to share the knowledge.
We're interested in looking at Cisco Failover, so we have an alert set up to fire based on 104001*, 103001, 103004. If any of these occur, we use Task Triage to output this to a team for investigation. Eventually a ticket is created for the firewall team. This is helpful because we can tabulate if pairs of ASAs are failing over to pinpoint problems to a cable, switchport problems, bad hardware, etc., based on trending and metrics.
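One way to tabulate the failover messages described above per ASA pair, as an added example that is not part of the original post. The hostnames, pair inventory, threshold and log lines are constructed, and "104001*" is read as the literal ID 104001.

```python
import re
from collections import Counter

# Message IDs named in the post; "104001*" is read as the literal ID 104001 (assumption).
FAILOVER_IDS = {"104001", "103001", "103004"}

# Hypothetical inventory: ASA hostname -> failover pair name.
PAIRS = {"fw-dc1-a": "dc1", "fw-dc1-b": "dc1", "fw-dc2-a": "dc2", "fw-dc2-b": "dc2"}

# BSD-style syslog prefix followed by the ASA tag %ASA-<severity>-<message id>:
LINE_RE = re.compile(r"^(?P<day>\w{3}\s+\d+) \S+ (?P<host>\S+) .*?%ASA-\d-(?P<msgid>\d{6}):")

# Constructed sample lines (not real logs); message text is abbreviated.
SAMPLE_LOG = """\
Mar 12 02:14:07 fw-dc1-a %ASA-1-103001: (Primary) No response from other firewall
Mar 12 02:14:08 fw-dc1-b %ASA-1-104001: (Secondary) Switching to ACTIVE
Mar 12 09:40:51 fw-dc1-a %ASA-1-103004: (Primary) Other firewall reports this firewall failed
Mar 13 02:15:10 fw-dc1-b %ASA-1-104001: (Secondary) Switching to ACTIVE
Mar 13 11:02:33 fw-dc2-a %ASA-4-106023: unrelated message, ignored
Mar 13 12:00:00 fw-dc2-b %ASA-1-104001: (Secondary) Switching to ACTIVE
Mar 13 12:00:01 fw-dc2-b %ASA-1-1040
"""

def tabulate(lines):
    """Count failover messages per (pair, day, message id); skip everything else."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["msgid"] not in FAILOVER_IDS:
            continue  # non-failover message or truncated/unparseable line
        pair = PAIRS.get(m["host"], "unmapped:" + m["host"])
        counts[(pair, m["day"], m["msgid"])] += 1
    return counts

def noisy_pairs(counts, threshold=3):
    """Return pairs whose total failover message count reaches the threshold."""
    per_pair = Counter()
    for (pair, _day, _msgid), n in counts.items():
        per_pair[pair] += n
    return sorted(p for p, n in per_pair.items() if n >= threshold)

if __name__ == "__main__":
    counts = tabulate(SAMPLE_LOG.splitlines())
    for key, n in sorted(counts.items()):
        print(*key, n)
    print("investigate:", noisy_pairs(counts))
```

Hosts missing from the inventory are kept under an `unmapped:` key rather than dropped, so a new or renamed ASA still shows up in the trend.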