Related events

Use the related events function to identify and show events that are historically related and to deploy chosen correlation rules, which are derived from related events configurations. You can create a pattern based on a related events group. The pattern applies the events in the group, which are specific to a resource, to any resource.

The related events function is accessible through three portlets.
  • The Configure Analytics portlet. Use this portlet to create, modify, run, and delete related events configurations.
  • The View Related Events portlet. Use this portlet to review the events and event groups that are derived from a related events configuration and to deploy correlation rules.
  • The Related Event Details portlet. Use this portlet to access more detail about an event or an event group.

To access the View Related Events portlet, users must be assigned the ncw_analytics_admin role.

The related events function applies an algorithm to the event database columns that you select to determine relationships between events.

The related events function finds signatures and patterns that occur together in the historic event stream. This discovery allows subject matter experts to easily review the detected signatures and derive correlation rules from related events configurations, without having to write correlation triggers or policies.

This diagram shows the relationship between the components of the related events function.
Figure 1. Related events architecture overview