Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Where is the correlation_id value used?

randytangco
Mega Guru

‎11-30-2017 11:19 AM

Hello..   I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.

OOB, I think the SIEM (Splunk) sends a snsecevent message to SN.   I get to see the correlation_id field in the additional field of the event table.

However, I am not able to find in the system where is that used for managing the creation of alerts for de-duplication purposes.     Is there a place to check how it is used?

Labels:
0 Helpfuls
  • 9,233 Views
6 REPLIES 6

sachin_namjoshi
Mega Patron
In response to randytangco

‎11-30-2017 12:41 PM

Hi Randy,



Check for business rules, script includes, client scripts, UI scripts....



Regards,


Sachin


0 Helpfuls

randytangco
Mega Guru
In response to sachin_namjoshi

‎11-30-2017 04:16 PM

sachin.chinchkar.   Thank you for the input.   I had done the search of the business rules, script includes, et al and did not find the source code that uses the field.   I event change the search keyword for message_key and did not find anything.   I know it is there though.


0 Helpfuls
Related Content