7 Replies Latest reply on Nov 9, 2015 6:21 PM by open_query

    Correlation That Matches Event Field Data

    open_query

      I would like to incorporate logic into a correlation rule that takes a field in an event (External_SessionID) and matches it with another event. If the External_SessionIDs match, I want to take Field-x from event 1 and Field-y from event 2 and use them in the correlation rule with an event from another device type. Does anyone know of a way to do this? I have tried a couple of forum searches but haven't found anything like it yet.