Log correlation combines log data from different sources to make connections between data sets and to identify patterns of events. It is critical to detecting attacks in real time and helps identify security flaws. Log correlation can be driven by numerous factors such as time, rules, patterns, topology, and so on.
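As an added example (not part of the original text), the time- and rule-based correlation described above, run over constructed sample lines from two sources, an SSH auth log and a firewall log, with placeholder hosts and documentation-range IPs: a burst of failed logins followed by a success from the same source IP is raised as one alert, enriched with that IP's earlier firewall denies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log lines (placeholder hosts, documentation-range IPs), not real data.
AUTH_LOG = """\
2024-03-01T10:00:01 host1 sshd[1201]: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T10:00:05 host1 sshd[1202]: Failed password for admin from 203.0.113.7 port 51002
2024-03-01T10:00:09 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51003
2024-03-01T10:00:20 host1 sshd[1204]: Accepted password for admin from 203.0.113.7 port 51004
2024-03-01T10:05:00 host1 sshd[1210]: Failed password for bob from 198.51.100.9 port 40000
2024-03-01T10:05:30 host1 sshd[1211]: Accepted password for bob from 198.51.100.9 port 40001
"""
FW_LOG = """\
2024-03-01T09:59:50 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=23
2024-03-01T09:59:55 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=3389
"""
AUTH_RE = re.compile(r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) \S+ (DENY|ALLOW) src=(\S+) dst=\S+ dport=(\d+)")

def normalize(auth_text, fw_text):
    """Merge both raw sources into one time-ordered list of (ts, source, src_ip, kind, detail)."""
    events = []
    for m in map(AUTH_RE.match, auth_text.splitlines()):
        if m:  # detail = username
            events.append((datetime.fromisoformat(m[1]), "auth", m[4], m[2].lower(), m[3]))
    for m in map(FW_RE.match, fw_text.splitlines()):
        if m:  # detail = destination port
            events.append((datetime.fromisoformat(m[1]), "fw", m[3], m[2].lower(), m[4]))
    return sorted(events)

def correlate(events, fails=3, window=timedelta(seconds=60), lookback=timedelta(minutes=5)):
    """Flag >= `fails` failures then a success from one IP within `window`, plus prior firewall DENYs."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        recent = []  # timestamps of failures still inside the window
        for ts, src, _, kind, detail in evs:
            if src == "auth" and kind == "failed":
                recent = [t for t in recent if ts - t <= window] + [ts]
            elif src == "auth" and kind == "accepted":
                if len(recent) >= fails and ts - recent[0] <= window:
                    denies = [d for t, s, _, k, d in evs if s == "fw" and k == "deny"
                              and recent[0] - lookback <= t < recent[0]]
                    alerts.append({"ip": ip, "user": detail, "failures": len(recent),
                                   "success_at": ts.isoformat(), "prior_denied_ports": denies})
                recent = []
    return alerts
```

The single failure-then-success for `bob` does not meet the threshold, so only the `admin` burst from 203.0.113.7 produces an alert.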
Two of the most popular tools used to aggregate data from multiple sources for analysis are security orchestration, automation and response (SOAR) and security information and event management (SIEM). While both pull in information, SIEM focuses on aggregating data from traditional network infrastructure, whereas SOAR pulls in everything SIEM collects as well as additional sources such as threat intelligence. Most SOAR platforms leverage a SIEM, and the two are usually used in tandem.
SIEM collects and analyzes data and generates dashboards/reports in real time, and is used for compliance, incident investigation, and vulnerability management. SOAR does this on a bigger scale and also leverages playbooks/AI/machine learning capabilities to automate operational processes like threat hunting and incident response. Simply put, SOAR not only pulls in data and analyzes it, but uses AI and automation to resolve certain issues.