2.5 Correlation

A single event may seem trivial, but in combination with other events, it might warn you of a potential problem. Sentinel helps you correlate such events by using the rules you create and deploy in the Correlation Engine, and helps you take appropriate action to mitigate any problems.

Correlation adds intelligence to security event management by automating analysis of the incoming event stream to find patterns of interest. Correlation allows you to define rules that identify critical threats and complex attack patterns so that you can prioritize events and initiate effective incident management and response. For more information, see Correlating Event Data in the NetIQ Sentinel 7.1 User Guide.

To monitor events according to the Correlation rules, you must deploy the rules in the Correlation Engine. When an event occurs that satisfies the rule criteria, the Correlation Engine generates a correlation event describing the pattern. For more information, see Correlation Engine in the NetIQ Sentinel 7.1 User Guide.