    What does the Fields tab in correlation rule do?


      Hello, Forgive me if I am missing something in documentation or an existing thread, but what does the Fields tab in the correlation rule do?


      I am wracking my brain trying to figure out, but to me is just feels like circular logic. So a field from an event matches another field within it self?


      Please help as I am going to drive my self insane trying to figure this out.


      Thank You