Where is the correlation_id value used?

11-30-2017 11:19 AM
Hello. I have been trying to understand where the correlation_id field is used in the security operations application when managing an incoming security event.
OOB, I think the SIEM (Splunk) sends a snsecevent message to SN. I get to see the correlation_id field in the additional field of the event table.
However, I am not able to find in the system where that is used for managing the creation of alerts for de-duplication purposes. Is there a place to check how it is used?
Labels: Security Incident Response

11-30-2017 12:41 PM
Hi Randy,
Check for business rules, script includes, client scripts, UI scripts....
Regards,
Sachin

11-30-2017 04:16 PM
sachin.chinchkar, thank you for the input. I had done the search of the business rules, script includes, et al. and did not find the source code that uses the field. I even changed the search keyword for message_key and did not find anything. I know it is there though.