Automated Correlation Engine
Detect, surface and highlight compromised hosts on your network

Automated correlation provides analytics that detect security events on your network. It scrutinizes isolated events across multiple logs and log types on the firewall as well as Traps advanced endpoint protection, queries the data for specific patterns, and correlates security events to identify actionable information such as host-based activities that indicate a compromised host. 

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by the Palo Alto Networks Malware Research team. These objects identify suspicious traffic patterns or sequences of events that indicate a malicious outcome. Some correlation objects can identify dynamic patterns that have been observed from malware samples in WildFire®. Correlation objects trigger correlation events when they match on traffic patterns and network artifacts that indicate a compromised host on your network.

Available on our Next-Generation Firewall and Panorama.


Reduce manual data mining

The ability to detect and highlight compromised hosts automatically empowers network operators and security professionals to cut back on manual data mining. The manual work needed to confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, a manual search never results in confirmation. The automated correlation engine does this work for you and automatically highlights any compromised host activity on your network.