This repository has been archived by the owner on Aug 31, 2018. It is now read-only.

Event Correlation

robfry edited this page Oct 16, 2014 · 2 revisions


Back to The FIDO Assembly Line

Event correlation is another major component of FIDO. Its value lies not only in deciding when an event is malicious, but also in recognising when multiple detectors trigger and one of them prevented the attack. If a FireEye appliance triggers on a malicious download by a machine, but the download was blocked by Bit9 on the endpoint, do you have a serious security event, or a simple FIDO alert saying 'nothing to see here' because the problem was already remediated? This is what event correlation provides by integrating with your security stack.
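The FireEye-plus-Bit9 scenario above, worked as an added example (not FIDO's own code, which is written in C#; this is an illustrative Python sketch). It assumes each detector's alert has been normalised into a common record with a host, a timestamp, an indicator such as a file hash, and an action of either "detected" or "blocked"; the detector names, hosts, timestamps and hashes in `SAMPLE_EVENTS` are constructed placeholders, and the five-minute correlation window is an arbitrary choice for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class DetectorEvent:
    """One normalised alert from a detector (field names are assumptions)."""
    source: str          # which product raised it, e.g. "fireeye" or "bit9"
    host: str            # the endpoint the alert concerns
    timestamp: datetime  # when the detector saw it
    action: str          # "detected" (saw it) or "blocked" (prevented it)
    indicator: str       # what it saw, e.g. a file hash


def correlate(events: List[DetectorEvent],
              window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Group detector events by host and decide, per host, whether every
    detection was prevented by some other detector within `window`.

    Returns {host: {"sources": [...], "status": "remediated"|"open",
                    "severity": "info"|"high"}}. Hosts with blocks but no
    detections produce no verdict: there is nothing to escalate.
    """
    by_host: Dict[str, List[DetectorEvent]] = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)

    verdicts: Dict[str, dict] = {}
    for host, evs in by_host.items():
        detections = [e for e in evs if e.action == "detected"]
        blocks = [e for e in evs if e.action == "blocked"]
        if not detections:
            continue
        # A detection counts as remediated only if a block for the SAME
        # indicator landed on the same host inside the time window.
        remediated = all(
            any(b.indicator == d.indicator
                and abs(b.timestamp - d.timestamp) <= window
                for b in blocks)
            for d in detections
        )
        verdicts[host] = {
            "sources": sorted({e.source for e in evs}),
            "status": "remediated" if remediated else "open",
            "severity": "info" if remediated else "high",
        }
    return verdicts


# Constructed sample alerts; hashes and host names are placeholders.
T0 = datetime(2014, 10, 16, 10, 0, 0)
SAMPLE_EVENTS = [
    # host-a: FireEye saw the download, Bit9 blocked the same file 12 s later
    DetectorEvent("fireeye", "host-a", T0, "detected", "hash-aaaa"),
    DetectorEvent("bit9", "host-a", T0 + timedelta(seconds=12), "blocked", "hash-aaaa"),
    # host-b: FireEye saw a download; Bit9 only blocked an unrelated file
    DetectorEvent("fireeye", "host-b", T0 + timedelta(minutes=5), "detected", "hash-bbbb"),
    DetectorEvent("bit9", "host-b", T0 + timedelta(minutes=6), "blocked", "hash-zzzz"),
    # host-c: a block with no matching detection from any other sensor
    DetectorEvent("bit9", "host-c", T0 + timedelta(minutes=7), "blocked", "hash-cccc"),
]


if __name__ == "__main__":
    for host, verdict in correlate(SAMPLE_EVENTS).items():
        print(host, verdict)
```

Running it yields a low-severity "remediated" verdict for host-a (the 'nothing to see here' case), an "open" high-severity verdict for host-b because the block did not match the detected indicator, and nothing for host-c. Matching on the indicator rather than only on host and time is the part worth keeping: a block of some unrelated file within the window should not silence a real detection.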

On to the next step... Scoring.
