Industry leaders in the MSSP space will use event correlation engines to rapidly recognize unwanted or malicious network activity (an event) and interpret its level of risk to generate an appropriate response (an alert) This process involves a combination of event and target correlation. Event correlation will typically rely on predefined signatures within a data-mining infrastructure to rapidly identify harmful events inside everyday network traffic. Once identified, target correlation assigns a risk level for the given event based on the unique aspects and technologies present in the customers environment.”]
Source: https://www.csoonline.com/article/2117839/detecting-a-breach.html