Automated Correlation Engine
Detect, surface and highlight compromised hosts on your network

Automated correlation provides analytics that detect security events on your network. It scrutinizes isolated events across multiple logs and log types on the firewall as well as Traps advanced endpoint protection, queries the data for specific patterns, and correlates security events to identify actionable information such as host-based activities that indicate a compromised host. 

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by the Palo Alto Networks Malware Research team. These objects identify suspicious traffic patterns or sequences of events that indicate a malicious outcome. Some correlation objects can identify dynamic patterns that have been observed from malware samples in WildFire®. Correlation objects trigger correlation events when they match on traffic patterns and network artifacts that indicate a compromised host on your network.

Available on our Next-Generation Firewall and Panorama.


Reduce manual data mining

The ability to detect and highlight compromised hosts automatically empowers network operators and security professionals to cut back on manual data mining. The manual work needed to confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, a manual search never results in confirmation. The automated correlation engine does this work for you and automatically highlights any compromised host activity on your network.


What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.
  • 3
  • 61522

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.
  • 86
  • 241213

What is an Intrusion Prevention System?

An Intrusion Prevention System (IPS) is a network security prevention technology that examines network traffic flow to detect and prevent vulnerability exploits
  • 5
  • 110994

What is a Zero Trust Architecture?

Businesses who want to prevent the exfiltration of sensitive data and improve their defense against modern cyber threats can consider a Zero Trust architecture.
  • 1
  • 42194

PA-5200 Series Datasheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances is comprised of the PA-5280, PA-5260, PA-5250 and PA-5220.
  • 21
  • 90889

What is Cybersecurity?

Cybersecurity refers to the preventative techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorized access.
  • 4
  • 84021