Broadly, a correlation is a relationship between two or more (often dissimilar) things, like sets of data. In cybersecurity, analysts in an organization’s security operations center (SOC) can use a SIEM platform to look for correlations in security data. By collecting and analyzing data from a variety of sources, such as firewalls and intrusion detection systems (IDSs), security teams can get a more complete picture of an organization’s security posture and discover connections that would be difficult to spot otherwise.
Depending on the tools in use in a given organization, various kinds of data may be available for this type of analysis. For example, user and entity behavior analytics (UEBA) software generates login frequency and session duration data.
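To illustrate the kind of cross-source correlation described above, the following added example (not part of the original page, and not any SIEM product's rule syntax) joins firewall and IDS events by source address within a time window. The field names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a vendor schema.
FIREWALL = [
    {"ts": "2024-05-01T10:00:05", "src": "203.0.113.7", "action": "deny"},
    {"ts": "2024-05-01T10:00:20", "src": "203.0.113.7", "action": "deny"},
    {"ts": "2024-05-01T10:00:40", "src": "203.0.113.7", "action": "deny"},
    {"ts": "2024-05-01T10:00:50", "src": "203.0.113.7", "action": "allow"},
    {"ts": "2024-05-01T10:02:00", "src": "198.51.100.9", "action": "deny"},
    {"ts": "2024-05-01T09:00:00", "src": "192.0.2.44", "action": "deny"},
    {"ts": "2024-05-01T09:00:10", "src": "192.0.2.44", "action": "deny"},
    {"ts": "2024-05-01T09:00:20", "src": "192.0.2.44", "action": "deny"},
]
IDS = [
    {"ts": "2024-05-01T10:01:10", "src": "203.0.113.7", "sig": "repeated auth failures"},
    {"ts": "2024-05-01T10:02:30", "src": "198.51.100.9", "sig": "port scan"},
    {"ts": "2024-05-01T10:30:00", "src": "192.0.2.44", "sig": "port scan"},
]

def correlate(firewall, ids, window=timedelta(minutes=5), min_denies=3):
    """Return IDS alerts preceded by at least min_denies firewall denies
    from the same source address within the given time window."""
    # Index firewall deny timestamps by source address.
    denies = defaultdict(list)
    for ev in firewall:
        if ev["action"] == "deny":
            denies[ev["src"]].append(datetime.fromisoformat(ev["ts"]))

    findings = []
    for alert in ids:
        t = datetime.fromisoformat(alert["ts"])
        # Keep only denies that happened before the alert and inside the window.
        related = [d for d in denies.get(alert["src"], [])
                   if timedelta(0) <= t - d <= window]
        if len(related) >= min_denies:
            findings.append({"src": alert["src"], "sig": alert["sig"],
                             "denies": len(related), "alert_ts": alert["ts"]})
    return findings

if __name__ == "__main__":
    for finding in correlate(FIREWALL, IDS):
        print(finding)
```

Neither source flags the other two addresses on its own terms: one has too few denies, and the other has denies that fall well outside the window before its IDS alert.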