alert correlation

{{Short description|Type of log analysis}}

{{Multiple issues|

{{notability|date=January 2012}}

{{unreferenced|date=January 2012}}

}}

Alert correlation is a type of log analysis. It focuses on the process of clustering alerts (events), generated by NIDS and HIDS computer systems, to form higher-level pieces of information.

Example of simple alert correlation is grouping invalid login attempts to report single incident like "10000 invalid login attempts on host X".