Event correlation is a technique for making sense of a large number of events and pinpointing the few events that are really important in that mass of information. This is accomplished by looking for and analyzing relationships between events.

Event correlation has been used in various fields for many years:

since the 1970s, telecommunications and industrial process control;
since the 1980s, network management and systems management;
since the 1990s, IT service management, publish-subscribe systems (pub/sub), Complex Event Processing (CEP) and Security Information and Event Management (SIEM);
since the early 2000s, Distributed Event-Based Systems and Business Activity Monitoring (BAM).

Integrated management is traditionally subdivided into various fields:

layer by layer: network management, system management, service management, etc.;
by management function: performance management, security management, etc.

Event correlation takes place in different components depending on the field of study:

Within the field of network management, event correlation is performed in a management platform typically known as a Network Management Station or Network Management System (NMS). For example, events may notify that a device has just rebooted or that a network link is currently down.
Within the field of systems management, an event may for instance report that the CPU utilization of an e-business server has been at 100% for over 15 minutes.
Within the field of service management, an event may notify that a Service-Level Objective is not met for a given customer, for example.
Within the field of security management, the management platform is usually known as a Security Information and Event Management (SIEM) system, and event correlation is often performed in a separate correlation engine. That engine may directly receive events in real time, or it may read them from SIEM storage. In this case, examples of monitored events include activity such as authentication, access to services and data, and output from point security tools such as an Intrusion Detection System (IDS) or antivirus software.
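The following is an added illustration, not part of the original text: a minimal rule-based correlation engine of the kind a SIEM would run over authentication events. It relates events by source address within a time window and reports only the few combinations that matter (a burst of failed logins followed by a success), leaving isolated failures and unrelated alerts as noise. The event records, field names and threshold are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one record per monitored event, in the
# shape a correlation engine might receive them from SIEM storage.
EVENTS = [
    {"ts": "2024-05-01T10:00:01", "type": "auth_failure", "src": "10.0.0.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:03", "type": "auth_failure", "src": "10.0.0.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:04", "type": "auth_failure", "src": "10.0.0.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:05", "type": "auth_failure", "src": "10.0.0.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:09", "type": "auth_success", "src": "10.0.0.7", "user": "alice"},
    {"ts": "2024-05-01T10:00:30", "type": "auth_failure", "src": "10.0.0.9", "user": "bob"},
    {"ts": "2024-05-01T10:12:00", "type": "auth_success", "src": "10.0.0.9", "user": "bob"},
    {"ts": "2024-05-01T10:20:00", "type": "ids_alert", "src": "10.0.0.12", "sig": "port-scan"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def correlate(events, threshold=3, window=timedelta(minutes=5)):
    """Rule: at least `threshold` auth failures from one source within
    `window`, followed by an auth success from that same source, are
    collapsed into one incident. Everything else is left uncorrelated."""
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    recent_failures = defaultdict(list)  # src -> timestamps inside the window
    incidents = []
    for event in ordered:
        ts, src = parse_ts(event["ts"]), event["src"]
        # Slide the window: forget failures that are now too old to relate.
        recent_failures[src] = [t for t in recent_failures[src] if ts - t <= window]
        if event["type"] == "auth_failure":
            recent_failures[src].append(ts)
        elif event["type"] == "auth_success" and len(recent_failures[src]) >= threshold:
            incidents.append({
                "src": src,
                "user": event["user"],
                "failures": len(recent_failures[src]),
                "success_at": event["ts"],
                "summary": "repeated authentication failures followed by success",
            })
            recent_failures[src].clear()  # one incident per burst
    return incidents


if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```

Eight raw events reduce to a single incident for 10.0.0.7; bob's lone failure falls outside the window by the time he logs in, and the IDS alert has no related event to correlate with.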