The correlation capability in Sentinel provides the ability to look for known patterns of activity, whether it be for security, compliance, or other reasons. The Security Intelligence capability looks for activity that is out of the ordinary, which may be malicious, but does not match any known pattern.
The Security Intelligence feature in Sentinel focuses on statistical analysis of time series data to enable analysts to identify and analyze deviations (anomalies) either by an automated statistical engine or by visual representation of the statistical data for manual interpretation. For more information, see Analyzing Trends in Data
in the NetIQ Sentinel 7.1 User Guide.