Question 5 of 10

What is event correlation in a SIEM, and can you give an example of a correlation rule that would detect a potential security incident from events that individually seem harmless?

Sample answer preview

Event correlation is the process by which a SIEM links events from multiple log sources (typically on shared fields such as user, host, or source IP, within a time window) and flags combinations that indicate a security threat even when each event on its own looks benign.

Tags: event correlation, correlation rules, lateral movement, data exfiltration, VPN anomaly, log sources
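The question asks for a rule that fires only on a combination of individually harmless events. The following is an added example, not part of the page's answer, showing one such rule run over constructed log lines: a VPN login from a country outside the user's baseline, followed within one hour by interactive logons to three or more distinct internal hosts and more than 500 MiB uploaded through the web proxy. The log format, field names, the KNOWN_COUNTRIES baseline and the thresholds are all assumptions chosen for illustration; a real SIEM would express the same logic in its own rule language.

```python
"""Toy SIEM-style correlation rule: VPN anomaly -> lateral movement -> exfil.
Added example, not from the original page. Log format, field names and
thresholds are assumptions chosen for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Line format: timestamp|source|user|action key=value ...
SAMPLE_LOG = """\
2024-03-01T02:05:00|vpn|alice|login country=RO src=203.0.113.7
2024-03-01T02:09:00|winlog|alice|logon host=FS01 type=3
2024-03-01T02:14:00|winlog|alice|logon host=DB02 type=3
2024-03-01T02:21:00|winlog|alice|logon host=HR03 type=3
2024-03-01T02:40:00|proxy|alice|upload bytes=734003200 dst=files.example.net
2024-03-01T09:00:00|vpn|bob|login country=US src=198.51.100.4
2024-03-01T09:10:00|winlog|bob|logon host=FS01 type=3
2024-03-01T09:30:00|proxy|bob|upload bytes=52428800 dst=files.example.net
"""

# Assumed per-user baseline of countries they normally connect from (built from history in practice)
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}

WINDOW = timedelta(hours=1)          # all three stages must fall inside this window
MIN_HOSTS = 3                        # distinct hosts logged on to -> lateral movement indicator
EXFIL_BYTES = 500 * 1024 * 1024      # outbound bytes in window -> exfiltration indicator


def parse_log(text):
    """Parse the pipe-delimited sample lines into dicts with a datetime and key=value fields."""
    events = []
    for line in text.strip().splitlines():
        ts, source, user, detail = line.split("|", 3)
        action, *kv = detail.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "user": user, "action": action, **fields})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, known_countries=KNOWN_COUNTRIES):
    """Return one alert per user whose VPN login from an unusual country is followed
    within WINDOW by >= MIN_HOSTS distinct host logons and >= EXFIL_BYTES uploaded.
    Any one of these stages on its own never produces an alert."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for anchor in evs:
            # Stage 1 (trigger): VPN login from a country outside the user's baseline
            if not (anchor["source"] == "vpn" and anchor["action"] == "login"):
                continue
            if anchor.get("country") in known_countries.get(user, set()):
                continue
            end = anchor["ts"] + WINDOW
            hosts = set()
            uploaded = 0
            for e in evs:
                if not (anchor["ts"] <= e["ts"] <= end):
                    continue
                if e["source"] == "winlog" and e["action"] == "logon":
                    hosts.add(e["host"])                      # stage 2: lateral movement
                elif e["source"] == "proxy" and e["action"] == "upload":
                    uploaded += int(e["bytes"])               # stage 3: outbound volume
            if len(hosts) >= MIN_HOSTS and uploaded >= EXFIL_BYTES:
                alerts.append({"user": user, "start": anchor["ts"],
                               "country": anchor["country"],
                               "hosts": sorted(hosts), "bytes": uploaded})
                break  # one alert per user per window is enough
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(f"ALERT {a['user']}: VPN from {a['country']} at {a['start']}, "
              f"logons to {a['hosts']}, {a['bytes']} bytes out")
```

Run as-is, only alice produces an alert: bob's VPN login is from his usual country, so the chain never starts even though his later logon and upload look identical in kind. Each stage would be noise on its own (remote workers log in over VPN, administrators touch several servers, people upload files); the rule only has value because it keys all three on the same user inside one time window.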
