Correlation Pattern Insights
Find information about the performance of your correlation patterns.
The Correlation Pattern Insights dashboard provides insight into the effectiveness and trends of your correlation patterns. The dashboard enables you to view data on all of your patterns at a glance, and to drill down to view granular information about a specific correlation pattern.
Dashboard Duplication
The Correlation Pattern Insights dashboard cannot currently be duplicated. See the Unified Analytics Dashboards documentation for a full list of duplicable dashboards.
Correlation Pattern Insights Dashboard
Key Features
The Correlation Pattern Insights dashboard allows you to:
- Visualize and track data on alert correlation across your instance.
- Drill down to view analytics on specific correlation patterns.
- Determine ways to improve configuration settings to reduce noise.
Correlation Pattern Insights
The Correlation Pattern Insights dashboard displays information on how all of your correlation patterns are performing.
Incident Updates
Data in this dashboard is based on incident updates in the selected timeframe.
The following widgets are available within the dashboard:
| Widget Name | Description |
|---|---|
| Compression Rate | The percent of processed alerts formed into incidents. |
| # Total Alerts | The total number of alerts that were processed by correlation during the given timeframe. |
| # Total Incidents Formed | The total number of incidents created during the given timeframe. |
| Average Compression Trend | The average compression percentage over time for total incidents, actioned incidents, and non-actioned incidents. |
| Total Alerts Trend | The total number of alerts correlated, over time. |
| Correlated Incidents Trend | The number of actioned vs non-actioned correlated incidents. |
| Correlation Patterns Effectiveness Comparison | A table showing detailed data on your correlation patterns. The following information is displayed per correlation pattern: Pattern - The tags used in the correlation pattern. The No Pattern row refers to incidents that did not match any correlation pattern. Time Window (min) - The time window in which this pattern will correlate alerts together. Compression - The percent of alerts that were correlated into incidents. # Alerts - Number of alerts correlated by the pattern. # Incidents - Number of incidents created by the pattern. # Actioned INC - Number of actioned incidents. # Non-Actioned INC - The number of non-actioned incidents. # Splits - The number of splits that occurred on incidents created by the correlation pattern. # Merges - The number of merges that occurred on incidents created by the correlation pattern. |
| Total Splits | The total number of incidents split into new incidents that occurred in the dashboard’s timeframe. |
| Total Merges | The total number of source incidents merged into new incidents that occurred in the dashboard’s timeframe. |
| Splits & Merges Trend | A line graph showing the trend of splits and merges over time. |
Correlation Pattern Filter
In addition to the time filter, the Correlation Pattern Insights dashboard allows you to filter by a specific correlation pattern.
Select patterns from the filter to drill down into and compare the effectiveness of individual patterns.
Incidents that don’t match any Correlation Pattern won’t compress. The No Pattern incidents row in the Correlation Patterns Effectiveness Comparison widget will highlight these. You can also use the filter to drill down into No Pattern incidents.
Learn more about using filters and widget options in the Filter Dashboards documentation.
Next Steps
View Unified Analytics dashboards
Learn how to Manage Unified Analytics
Find definitions of Unified Analytics key metrics
Dive into potential reporting fields in Unified Analytics Reporting Tables
Updated about 1 month ago