Point > Click > Detect

- Our community of security experts is sharing cutting-edge correlations and making their companies more secure.

New Content Added Daily

Content is added daily by our vast community of security professionals. All content is reviewed and rated by members like you, allowing you to easily locate the highest rated and most popular correlation rules and dashboards.

Advanced Search Features

The granular search capabilities of the CorrelationX platform will allow you to quickly locate the rules and dashboards that you need to fill the gaps in your current SIEM deployment.

Simple Integration with a Click

Your membership allows you to download content with the click of a button. Most correlation rules and dashboards will be ready to go out-of-the-box or with minimal adjustments to fit your data formats. You will be using your new rules in dashboards in minutes.

Our Latest Content Additions

New content is being added every day by experts and bounty hunters. Below are the latest additions to Correlation{X}.

Suspicious certutil usage (WINSEC)

This rule looks for suspicious usage of the certutil tool which could indicate infection activity intended to evade common security mechanisms.

Data Source: Operating System Logs - Windows Security Logs;
Tags: Malware;
Type: Hunting Dashboard Search

Suspicious certutil usage (CROWDSTRIKE)

This rule looks for suspicious usage of the certutil tool which could indicate infection activity intended to evade common security mechanisms.

Data Source: Endpoint (EDR) - CrowdStrike;
Tags: Malware;
Type: Hunting Dashboard Search

Logins from multiple IPs with time difference

This can assist in identifying account compromises within O365. The search sorts results by the smallest time difference first (commonly 0 hours) to show whether travel between the two locations would be impossible.

Data Source: Email - Office 365;
Tags: Account Takeover, Insider Threat, Reconnaissance;
Type: Hunting Dashboard Search

Internal email domain masquerading

Identify domains that are similar to your organization's domain name using the Levenshtein algorithm. This provides statistics around lookalike domains sending emails to your organization.

Data Source: Email - Office 365;
Tags: Malware, Phishing, Exploit;
Type: Hunting Dashboard Search

Suspicious post exploitation command line activity (BASH)

This rule looks for command line activity commonly associated with post exploitation utilities and filenames associated with exploitation frameworks such as Metasploit.

Data Source: Operating System Logs - Nix Logs;
Tags: Malware, Exploit, Insider Threat;
Type: Hunting Dashboard Search

121 Organizations

48 Data Sources

560 Security Searches

22 Threat Categories