Hybrid Correlation

Hybrid correlation provides pattern-based correlation of alerts with AI-based similarity checks. You need to define a policy, followed by a rule.

A policy can be defined based on conditional operators and potential values for alert attributes. The alerts that fulfil the defined condition are correlated together. You can define as many rules as you require for a single policy.

The AI-based operators offered in the hybrid correlation method are IDENTICAL, EMPTY and SIMILAR.

  • IDENTICAL looks for the same values in the specified field
  • EMPTY looks for empty values in the specified field
  • SIMILAR looks for semantically similar values in the specified field

(Refer to Alert Correlation Policy for a detailed description of Hybrid Correlation.)
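
The sketch below is an added example, not the product's own code or rule syntax: it shows how a rule combining the three operators could group alerts. The field names, the rule written as (field, operator) pairs, the pairwise reading of each operator, and the token-overlap measure standing in for the AI-based SIMILAR check are all assumptions.

```python
import re

# Constructed sample alerts (not taken from any real system).
ALERTS = [
    {"id": 1, "host": "db01", "ticket": "", "summary": "Disk usage high on /var partition"},
    {"id": 2, "host": "db01", "ticket": "", "summary": "High disk usage on /var partition"},
    {"id": 3, "host": "db01", "ticket": "", "summary": "User login failed repeatedly"},
    {"id": 4, "host": "web02", "ticket": "", "summary": "Disk usage high on /var partition"},
    {"id": 5, "host": "db01", "ticket": "INC-1", "summary": "Disk usage high on /var partition"},
]

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def similar(a, b, threshold=0.6):
    """Assumed stand-in for the semantic check: Jaccard overlap of word tokens."""
    ta, tb = tokens(a), tokens(b)
    if not ta or not tb:
        return False
    return len(ta & tb) / len(ta | tb) >= threshold

# Assumed pairwise reading of each operator for the specified field.
OPERATORS = {
    "IDENTICAL": lambda a, b: a == b,            # same value in both alerts
    "EMPTY": lambda a, b: a == "" and b == "",   # field empty in both alerts
    "SIMILAR": similar,                          # values close in meaning
}

def matches(rule, x, y):
    """True when every (field, operator) condition of the rule holds for x and y."""
    return all(OPERATORS[op](x.get(field, ""), y.get(field, "")) for field, op in rule)

def correlate(alerts, rule):
    """Greedy grouping: an alert joins the first group whose first alert it matches."""
    groups = []
    for alert in alerts:
        for group in groups:
            if matches(rule, group[0], alert):
                group.append(alert)
                break
        else:
            groups.append([alert])
    return [[a["id"] for a in g] for g in groups]

# Hypothetical rule: same host, no ticket assigned yet, summaries that read alike.
RULE = [("host", "IDENTICAL"), ("ticket", "EMPTY"), ("summary", "SIMILAR")]
```

With this rule, alerts 1 and 2 fall into one group even though their summaries are worded differently; switching the summary condition to IDENTICAL separates them.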

Copyright © 2025 UST. All Rights Reserved.