The Correlation tab provides an interface to create and deploy rules to detect suspicious or malicious patterns of events.
In the Correlation tab, you may:
Create and edit rules
Deploy/Undeploy rules
Add an action and associate it to a rule
Configure dynamic lists