Function: Correlation (c9cc1b42-6487-59c6-8e5b-9258b2f33865)
Potential information security incidents pertaining to the same assets (e.g., systems, services, customers) or identities (e.g., users), or which are otherwise directly related to other potential information security incidents are grouped together and escalated as a single information security incident in order to avoid duplicate efforts. New potential information security incidents directly related to ongoing information security incidents are assigned to that information security incident instead of opening a new, separate information security incident.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Function: Correlation (c9cc1b42-6487-59c6-8e5b-9258b2f33865) | FIRST CSIRT Services Framework | Service: Event analysis (3818f4f7-4d89-5ca1-b129-4c31640b130c) | FIRST CSIRT Services Framework | 1 |