Automated Correlation Engine
Detect, surface and highlight compromised hosts on your network

Automated correlation provides analytics that detect security events on your network. It scrutinizes isolated events across multiple logs and log types on the firewall as well as Traps advanced endpoint protection, queries the data for specific patterns, and correlates security events to identify actionable information such as host-based activities that indicate a compromised host. 

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by the Palo Alto Networks Malware Research team. These objects identify suspicious traffic patterns or sequences of events that indicate a malicious outcome. Some correlation objects can identify dynamic patterns that have been observed from malware samples in WildFire®. Correlation objects trigger correlation events when they match on traffic patterns and network artifacts that indicate a compromised host on your network.

Available on our Next-Generation Firewall and Panorama.


Reduce manual data mining

The ability to detect and highlight compromised hosts automatically empowers network operators and security professionals to cut back on manual data mining. The manual work needed to confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, a manual search never results in confirmation. The automated correlation engine does this work for you and automatically highlights any compromised host activity on your network.


Cyberthreat Defense Report 2018

CyberEdge Group’s fifth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,200 IT security decision makers and practitioners conducted in November 2017, the report delivers countless insights that IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
  • 0
  • 10315

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.
  • 83
  • 223332

VM-Series Specsheet

The VM-Series has been optimized and expanded to deliver industry-leading performance of up to 16Gbps of App-ID-enabled firewall throughput across five models.
  • 5
  • 53913

PA-3000 Series Specsheet

Key features, performance capacities and specifications of the Palo Alto Networks PA-3000 Series.
  • 20
  • 100269

Panorama Datasheet

Overview of Panorama, our centralized security management system, that provides you with global control over multiple Palo Alto Networks firewalls.
  • 3
  • 13594

PA-5000 Series Specsheet

Key features, performance capacities and specifications for our PA-5000 Series.
  • 8
  • 68356