SOC Experts Community - Beta
in Use Cases by (2.2k points)

2 Answers

by (5.9k points)
Generally, in a SIEM, a correlation rule is written based on use cases; it is basically like a regular expression which matches with the event to cause an action (alert). This action is scheduled for specific time intervals with respect to the events in the SIEM. In short, a correlation rule triggers the alerts in the SIEM.
by (5.4k points)
When logs match certain correlation rules in the SIEM, the alerts are triggered.
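
A minimal sketch of the kind of correlation rule the answers above describe, added here as an example and not part of the original posts: a pattern is matched against each event, matches are counted per source over a time window, and an alert fires when a threshold is reached. The rule name, its fields, the threshold and the log lines are all constructed for illustration, and events are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (illustrative only, documentation IP ranges).
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 sshd Failed password for admin from 203.0.113.7",
    "2024-05-01T10:00:05 sshd Accepted password for alice from 198.51.100.4",
    "2024-05-01T10:00:20 sshd Failed password for root from 203.0.113.7",
    "2024-05-01T10:00:40 sshd Failed password for admin from 203.0.113.7",
    "2024-05-01T10:01:00 sshd Failed password for bob from 198.51.100.9",
    "2024-05-01T10:05:00 sshd Failed password for bob from 198.51.100.9",
    "2024-05-01T10:05:30 sshd Failed password for bob from 198.51.100.9",
]

# Hypothetical rule: 3 or more failed logins from one source within 60 seconds.
RULE = {
    "name": "ssh-bruteforce",
    "pattern": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "group_by": "src",
    "threshold": 3,
    "window": timedelta(seconds=60),
}

def correlate(lines, rule):
    """Return the alerts raised by `rule` over time-ordered log lines."""
    recent = defaultdict(deque)   # group key -> timestamps of recent matches
    alerts = []
    for line in lines:
        ts_text, _, message = line.partition(" ")
        match = rule["pattern"].search(message)
        if not match:
            continue              # event does not match the rule's pattern
        ts = datetime.fromisoformat(ts_text)
        key = match.group(rule["group_by"])
        hits = recent[key]
        hits.append(ts)
        # Drop matches that have fallen out of the correlation window.
        while ts - hits[0] > rule["window"]:
            hits.popleft()
        if len(hits) >= rule["threshold"]:
            alerts.append({"rule": rule["name"], "key": key,
                           "count": len(hits), "time": ts_text})
            hits.clear()          # avoid re-alerting on the same burst
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, RULE):
        print(alert)
```

The three failures from 198.51.100.9 do not alert because they are spread over more than 60 seconds, which is the difference between a correlation rule and a plain pattern match.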
