Connecting the Dots: Advancing Threat Detection Through Correlation in Security Analytics

Today, all enterprises - large and small, across industries and geographies - are vulnerable to security threats. Security event logs often comprise of data from different sources like access logs, Netflow/VPC Flow, CloudTrail, Active directory and many more. Correlating this data is often challenging and tedious. Security Analytics’ correlation engine helps in correlating the findings from different sources. This talk explores the capabilities of OpenSearch’s Security Analytics’ Correlation Engine, demonstrating how it auto-correlates findings from different log categories to revolutionize threat detection. Learn how detection rules are transformed into executable OpenSearch queries, triggering threat alerts. Additionally, we’ll showcase the engine’s role as a Security Finding Knowledge Graph, providing holistic views of security events. Join us to strengthen your organization’s defense strategies.


Wednesday, September 27 2:50pm-3:30pm in Redwood

Track: Analytics, Observability, and Security


Saurabh Singh photograph

Saurabh Singh

Senior Software Development Engineer at AWS - OpenSearch