Event correlation means compiling all that log data and automatically comparing, for example, all the traffic to or from a particular IP address. If you get six different event correlation providers in the same room, you may find that they do six very different things. Check Point, Cisco and other firewall or IDS vendors offer event correlation on their own platforms. Another set of vendors are approaching event correlation in what Lindstrom describes as “a more lightweight manner” These products aim for plug-and-play simplicity and are available in appliance format.”]
Source: https://www.csoonline.com/article/2117309/toolbox–security-event-management.html