Event Correlation Engine

Techniques for Prioritizing Alerts and Identifying Leading Indicators in the Age of Machine Learning


Event correlation is the process of aggregating events and analyzing relationships between them in order to “reduce the noise.” It is a response to “alert fatigue” caused by IT sprawl (the volume and complexity of infrastructure and applications) and the reality that most enterprises have deployed numerous monitoring tools. Something needs to collect information from these disparate sources and then refine it into something understandable and actionable – giving IT Operations and monitoring teams the ability to “see the forest for the trees.”

The technique has been around long enough that it almost became an afterthought. “Keeping the lights on” isn’t a sexy concept to executive stakeholders who are primarily focused on concerns such as cloud computing, security, mobile, etc. However, the emergence of machine learning and IT Operations Analytics (ITOA) is creating an event correlation renaissance – better automation and deeper insights (including warnings about events that haven’t even happened yet) are dramatically lowering costs and improving efficiency, resulting in a lighter load on the Service Desk, fewer service interruptions and faster response time.

If you are looking for a modern event correlation engine, below are some of the key attributes you should consider.

Native integration with monitoring and the ITSM platform

Collaboration on a unified platform allows IT Operations and Support teams to dramatically improve event management. “Noise” can be managed and reduced on the front end by automatically provisioning monitoring when a new device is added to the CMDB, and/or automatically suppressing event noise during planned changes. Additionally, events can be enriched with ITSM data to improve root cause analysis and trigger automated remediation.

Based on proven standards and methodologies

Best practices include the normalization of source data into a common event format (which allows you to report and take action on similar events while maintaining all original detail), and filtering unwanted events close to the source. Correlation based on a mixture of CMDB topology, time, and event content will give you the most flexibility and accuracy.
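The normalization, filtering and topology-plus-time correlation described above, as an added example (not code from the original page or from any vendor's product). The tool names, field names, CMDB map and events are all constructed, and event content is used only for the severity filter.

```python
# Constructed CMDB topology: CI -> the CI it depends on (None = top of the chain).
TOPOLOGY = {"web01": "sw-core", "web02": "sw-core", "db01": "sw-core", "sw-core": None, "mail01": None}
SEVERITY = {"OK": 0, "WARN": 1, "CRIT": 2, "info": 0, "warning": 1, "critical": 2}

# Constructed raw events from two hypothetical monitoring tools with different schemas.
RAW = [
    {"src": "toolA", "host": "sw-core", "state": "CRIT", "epoch": 1000, "msg": "link down"},
    {"src": "toolA", "host": "web01", "state": "CRIT", "epoch": 1012, "msg": "ping timeout"},
    {"src": "toolB", "resource": "web02", "level": "critical", "time": 1015, "text": "HTTP check failed"},
    {"src": "toolB", "resource": "db01", "level": "info", "time": 1016, "text": "backup finished"},
    {"src": "toolB", "resource": "db01", "level": "warning", "time": 1020, "text": "replication lag"},
    {"src": "toolA", "host": "mail01", "state": "WARN", "epoch": 1025, "msg": "queue length high"},
    {"src": "toolA", "host": "web01", "state": "CRIT", "epoch": 5000, "msg": "disk full"},
]

def normalize(raw):
    """Map a source-specific record to the common format, keeping the original."""
    if raw["src"] == "toolA":
        ci, sev, ts, text = raw["host"], raw["state"], raw["epoch"], raw["msg"]
    else:
        ci, sev, ts, text = raw["resource"], raw["level"], raw["time"], raw["text"]
    return {"ci": ci, "severity": SEVERITY[sev], "ts": ts, "text": text, "raw": raw}

def root_cause_ci(event, events, window):
    """Walk up the topology to the highest ancestor that also alerted within the window."""
    root, ci = event["ci"], TOPOLOGY.get(event["ci"])
    while ci is not None:
        if any(e["ci"] == ci and abs(e["ts"] - event["ts"]) <= window for e in events):
            root = ci
        ci = TOPOLOGY.get(ci)
    return root

def correlate(raw_events, window=60, min_severity=1):
    """Normalize, drop low-severity events, then group by probable root CI and time."""
    events = [e for e in map(normalize, raw_events) if e["severity"] >= min_severity]
    incidents = []
    for e in sorted(events, key=lambda e: e["ts"]):
        root = root_cause_ci(e, events, window)
        for inc in incidents:
            if inc["root"] == root and e["ts"] - inc["start"] <= window:
                inc["events"].append(e)
                break
        else:
            incidents.append({"root": root, "start": e["ts"], "events": [e]})
    return incidents

if __name__ == "__main__":
    for inc in correlate(RAW):
        print(inc["root"], inc["start"], [e["ci"] for e in inc["events"]])
```

Seven raw events collapse into three incidents: the switch outage absorbs the three downstream alerts that fired within the window, while the later `web01` alert stays separate because its upstream CI was healthy at that time.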

Flexible logic

Enterprises do not want to custom-code their event management solution (there are too many moving parts), so an out-of-the-box, tunable solution that evolves with your business requirements and accommodates 0-day events (or unique scenarios) is preferable.

Supervised and unsupervised machine learning

Can you proactively calculate service impact and identify leading indicators in real time? Extensible algorithms will allow you to immediately determine severity and continuously improve scoring accuracy.


Learn more about event correlation from Evanios. We will gladly provide consultations, full demonstrations and proof of concept for qualified customers.
