Today, all enterprises - large and small, across industries and geographies - are vulnerable to security threats. Security event logs often comprise of data from different sources like access logs, Netflow/VPC Flow, CloudTrail, Active directory and many more. Correlating this data is often challenging and tedious. Security Analytics’ correlation engine helps in correlating the findings from different sources. This talk explores the capabilities of OpenSearch’s Security Analytics’ Correlation Engine, demonstrating how it auto-correlates findings from different log categories to revolutionize threat detection. Learn how detection rules are transformed into executable OpenSearch queries, triggering threat alerts. Additionally, we’ll showcase the engine’s role as a Security Finding Knowledge Graph, providing holistic views of security events. Join us to strengthen your organization’s defense strategies.
