Viewing Correlated Events - Correlation Data | Trend Micro Service Central

To view correlation data, click the Correlation Data icon (

) under Details on the Correlated Events screen.

Note:

The Correlation Data icon is grayed out when correlation data is unavailable.

Use the following sections for advanced analysis of malicious activity:

Summary

Displays the severity, the number of detected internal hosts and Indicators of Compromise (IOCs), the assigned attack patterns, and provides a high-level overview of the malicious activity of the correlation data.
Correlation Graph

Provides a visual representation of correlations made between the correlated event selected in Deep Discovery Director and other related events as they occurred over time.
Transaction and IOC Details

Provides details about each transaction represented in the correlation graph, and each detected Indicator of Compromise (IOC). Transactions are listed from oldest transaction at the top to the most recent transaction at the bottom. IOCs are listed from oldest first seen at the top to the most recent first seen at the bottom.

Tip:

Information displayed in the Correlation Data screen is created dynamically. The number of correlations and details about interactions and malicious activity between hosts presented in this screen can change over time. You can access the correlation data for a specific detection at a later time to see if additional analysis details are available.
When Deep Discovery Director (Internal Network Analytics Version) is integrated with more than one Deep Discovery Director (Internal Network Analytics Version) server operating in Deep Discovery Director (Standalone Network Analytics Mode), multiple sets of correlation data may exist for a single correlated event. Switch between the correlation data generated by each Deep Discovery Director (Standalone Network Analytics Mode) server by clicking on the Network Analytics server display name and IP address and selecting the desired server.

For details on how to use the information displayed in the Correlation Data screen to assist in advanced analysis, see Analyzing Correlation Data Information.