

Event Correlation

You can use event correlation rules to detect complex patterns of events that are associated with unusual or dangerous states, or with suspicious activity. CA User Activity Reporting Module provides numerous predefined correlation rules, and the ability to create custom rules or modify predefined ones.

You could deploy a predefined correlation rule to detect suspicious activity after a specified number of failed logins. For example, you could use the "5 Failed Logins by a single account followed by excessive configuration management activity" rule. In this case, you could also customize the number of failed logins, or the definition of excessive activity.
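
The logic of a rule like the one named above, as an added Python example; it is not the product's rule syntax or code. The event type names, the time windows, and the default of three configuration changes as "excessive" are assumptions, and the two thresholds are parameters to mirror the customization described above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, account, event type); not product output.
SAMPLE_EVENTS = [
    ("2024-01-01 09:00:00", "jsmith", "login_failure"),
    ("2024-01-01 09:01:00", "jsmith", "login_failure"),
    ("2024-01-01 09:02:00", "jsmith", "login_failure"),
    ("2024-01-01 09:03:00", "jsmith", "login_failure"),
    ("2024-01-01 09:04:00", "jsmith", "login_failure"),
    ("2024-01-01 09:05:00", "jsmith", "login_success"),
    ("2024-01-01 09:06:00", "jsmith", "config_change"),
    ("2024-01-01 09:07:00", "jsmith", "config_change"),
    ("2024-01-01 09:08:00", "jsmith", "config_change"),
    ("2024-01-01 10:00:00", "adoe", "login_failure"),
    ("2024-01-01 10:01:00", "adoe", "login_failure"),
    ("2024-01-01 10:02:00", "adoe", "config_change"),
    ("2024-01-01 10:03:00", "adoe", "config_change"),
    ("2024-01-01 10:04:00", "adoe", "config_change"),
    ("2024-01-01 10:05:00", "adoe", "config_change"),
]

def correlate(events, failed_threshold=5, config_threshold=3,
              failure_window=timedelta(minutes=10),
              followup_window=timedelta(minutes=30)):
    """Return (account, timestamp) for each account that matches the pattern."""
    failures = defaultdict(deque)  # account -> failure times inside the window
    armed = {}                     # account -> [time threshold was met, change count]
    incidents = []
    for ts_text, account, kind in sorted(events):
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if kind == "login_failure":
            recent = failures[account]
            recent.append(ts)
            while ts - recent[0] > failure_window:
                recent.popleft()  # drop failures older than the window
            if len(recent) >= failed_threshold and account not in armed:
                armed[account] = [ts, 0]
        elif kind == "config_change" and account in armed:
            if ts - armed[account][0] > followup_window:
                del armed[account]  # follow-up window expired without a match
                continue
            armed[account][1] += 1
            if armed[account][1] >= config_threshold:
                incidents.append((account, ts_text))
                del armed[account]
                failures[account].clear()
    return incidents
```

With the defaults, only the account with five failures followed by three configuration changes is reported; lowering failed_threshold to 2 also reports the second account.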

For more information about Event Correlation, see the CA User Activity Reporting Module Implementation Guide and CA User Activity Reporting Module Online Help.