Point > Click > Detect

- Our community of security experts is sharing cutting-edge correlations and making their companies more secure.

New Content Added Daily

Content is added daily by our vast community of security professionals. All content is reviewed and rated by members like you, allowing you to easily locate the highest rated and most popular correlation rules and dashboards.

Advanced Search Features

The granular search capabilities of the CorrelationX platform will allow you to quickly locate the rules and dashboards that you need to fill the gaps in your current SIEM deployment.

Simple Integration with a Click

Your membership allows you to download content with the click of a button. Most correlation rules and dashboards will be ready to go out-of-the-box or with minimal adjustments to fit your data formats. You will be using your new rules in dashboards in minutes.

Our Latest Content Additions

New content is being added every day by experts and bounty hunters. Below are the latest additions to Correlation{X}.

Suspicious service being stopped

This rule looks for instances of services being stopped which could indicate malware attempting to circumvent security solutions on the system.

Data Source: Endpoint (EDR) - Carbon Black, Operating System Logs - Windows Security Logs, Operating System Logs - Windows Sysmon, Endpoint (EDR) - CrowdStrike;
Tags: Malware, AV/Control Bypass;
Type: Correlation

Suspicious service being stopped (WINSEC)

This rule looks for instances of services being stopped which could indicate malware attempting to circumvent security solutions on the system.

Data Source: Operating System Logs - Windows Security Logs;
Tags: Malware, AV/Control Bypass;
Type: Correlation

Suspicious service being stopped (CROWDSTRIKE)

This rule looks for instances of services being stopped which could indicate malware attempting to circumvent security solutions on the system.

Data Source: Endpoint (EDR) - CrowdStrike;
Tags: Malware, AV/Control Bypass;
Type: Correlation

Suspicious service being stopped (BIT9)

This rule looks for instances of services being stopped which could indicate malware attempting to circumvent security solutions on the system.

Data Source: Endpoint (EDR) - Carbon Black;
Tags: Malware, AV/Control Bypass;
Type: Correlation

Suspicious service being stopped (SYSMON)

This rule looks for instances of services being stopped which could indicate malware attempting to circumvent security solutions on the system.

Data Source: Operating System Logs - Windows Sysmon;
Tags: Malware, AV/Control Bypass;
Type: Correlation

101 Organizations

48 Data Sources

484 Security Searches

22 Threat Categories