6 Replies · Latest reply on Nov 30, 2017 4:16 PM by Randy Tangco

    Where is the correlation_id value used?

      Hello. I have been trying to understand where the correlation_id field is used in the security operations application when managing an incoming security event.

      OOB, I think the SIEM (Splunk) sends a snsecevent message to SN. I get to see the correlation_id field in the additional field of the event table.

      However, I am not able to find where in the system that is used for managing the creation of alerts for de-duplication purposes. Is there a place to check how it is used?