Point > Click > Detect

- Our community of security experts is sharing cutting-edge correlations and making their companies more secure.

New Content Added Daily

Content is added daily by our vast community of security professionals. All content is reviewed and rated by members like you, allowing you to easily locate the highest rated and most popular correlation rules and dashboards.

Advanced Search Features

The granular search capabilities of the CorrelationX platform will allow you to quickly locate the rules and dashboards that you need to fill the gaps in your current SIEM deployment.

Simple Integration with a Click

Your membership allows you to download content with the click of a button. Most correlation rules and dashboards will be ready to go out-of-the-box or with minimal adjustments to fit your data formats. You will be using your new rules in dashboards in minutes.

Our Latest Content Additions

New content is being added every day by experts and bounty hunters. Below are the latest additions to Correlation{X}.

List hosts that have not sent data to Splunk in a defined period of time

This search will list all hosts that have not reported data to Splunk within the past 24 hours.

Data Source: Splunk - Splunk Metadata;
Tags: Logging;
Type: Metrics Dashboard Search

Generic suspicious file extension written to suspicious location

This hunting rule looks for certain file extensions written to locations such as the root directory, AppData or a subfolder of AppData, and directly into the Windows folder. Writes to the root and Windows folders could be instances of malware installing itself or of lateral traversal across the network. AppData and its subfolders are also normal locations for malware to write itself. These instances should be considered suspicious.

Data Source: Endpoint (EDR) - Carbon Black, Operating System Logs - Windows Security Logs, Operating System Logs - Windows Sysmon, Endpoint (EDR) - CrowdStrike;
Tags: Malware, Exploit, Lateral Movement;
Type: Hunting Dashboard Search

Generic suspicious file extension written to suspicious location (BIT9)

This hunting rule looks for certain file extensions written to locations such as the root directory, AppData or a subfolder of AppData, and directly into the Windows folder. Writes to the root and Windows folders could be instances of malware installing itself or of lateral traversal across the network. AppData and its subfolders are also normal locations for malware to write itself. These instances should be considered suspicious.

Data Source: Endpoint (EDR) - Carbon Black;
Tags: Malware, Exploit, Lateral Movement;
Type: Hunting Dashboard Search

Generic suspicious file extension written to suspicious location (WINSEC)

This hunting rule looks for certain file extensions written to locations such as the root directory, AppData or a subfolder of AppData, and directly into the Windows folder. Writes to the root and Windows folders could be instances of malware installing itself or of lateral traversal across the network. AppData and its subfolders are also normal locations for malware to write itself. These instances should be considered suspicious.

Data Source: Operating System Logs - Windows Security Logs;
Tags: Malware, Exploit, Lateral Movement;
Type: Hunting Dashboard Search

Generic suspicious file extension written to suspicious location (CROWDSTRIKE)

This hunting rule looks for certain file extensions written to locations such as the root directory, AppData or a subfolder of AppData, and directly into the Windows folder. Writes to the root and Windows folders could be instances of malware installing itself or of lateral traversal across the network. AppData and its subfolders are also normal locations for malware to write itself. These instances should be considered suspicious.

Data Source: Endpoint (EDR) - CrowdStrike;
Tags: Malware, Exploit, Lateral Movement;
Type: Hunting Dashboard Search

- 137 Organizations
- 49 Data Sources
- 573 Security Searches
- 24 Threat Categories