Automated Correlation Engine
Detect, surface and highlight compromised hosts on your network

Automated correlation provides analytics that detect security events on your network. It scrutinizes isolated events across multiple logs and log types on the firewall as well as Traps advanced endpoint protection, queries the data for specific patterns, and correlates security events to identify actionable information such as host-based activities that indicate a compromised host. 

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by the Palo Alto Networks Malware Research team. These objects identify suspicious traffic patterns or sequences of events that indicate a malicious outcome. Some correlation objects can identify dynamic patterns that have been observed from malware samples in WildFire®. Correlation objects trigger correlation events when they match on traffic patterns and network artifacts that indicate a compromised host on your network.

Available on our Next-Generation Firewall and Panorama.


Reduce manual data mining

The ability to detect and highlight compromised hosts automatically empowers network operators and security professionals to cut back on manual data mining. The manual work needed to confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, a manual search never results in confirmation. The automated correlation engine does this work for you and automatically highlights any compromised host activity on your network.


Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.
  • 81
  • 218058

PA-5200 Series Datasheet

Key features, performance capacities and specifications for our PA-5200 Series.
  • 12
  • 72052

PA-800 Series Datasheet

Palo Alto Networks PA-800 Series next-generation firewall appliances are designed to secure enterprise branch offices and midsized businesses.
  • 12
  • 70106

PA-220 Datasheet

Palo Alto Networks PA-220 brings next-generation firewall capabilities to distributed enterprise branch offices and retail locations.
  • 15
  • 62324

PA-3000 Series Specsheet

Key features, performance capacities and specifications of the Palo Alto Networks PA-3000 Series.
  • 20
  • 96339

VM-Series Specsheet

The VM-Series has been optimized and expanded to deliver industry-leading performance of up to 16Gbps of App-ID-enabled firewall throughput across five models.
  • 5
  • 49210