
ITSI Correlation Searches

ITSI has its own correlation search framework separate from Enterprise Security. These searches run against the itsi_summary index (where KPI data is written) and generate Notable Events when conditions are met. They can detect complex multi-service patterns like "3 infrastructure services degraded simultaneously."

Unlike simple threshold alerts, ITSI correlation searches can evaluate cross-service conditions, time-over-time comparisons, and statistical anomalies. They are configured in the Event Analytics section and can trigger aggregation policies, create episodes, and execute actions.

Use the itsi_summary index in your correlation searches — it contains pre-computed KPI values, making searches much faster than querying raw data.
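
A search of the kind described above, as an added example that is not part of the original lesson: it takes each service's latest health score severity over the last 15 minutes and returns a row only when at least three services are degraded at once. The field names (kpi, serviceid, alert_severity, alert_value), the ServiceHealthScore KPI name, the severity values and the 15-minute window are assumptions about a typical itsi_summary layout; add a serviceid filter to restrict it to your infrastructure services.

```spl
index=itsi_summary kpi="ServiceHealthScore" earliest=-15m latest=now
| stats latest(alert_severity) AS severity latest(alert_value) AS health_score BY serviceid
| where severity="high" OR severity="critical"
| stats dc(serviceid) AS degraded_services values(serviceid) AS degraded_service_ids
| where degraded_services >= 3
```

Because the final where clause drops the row unless the count reaches three, the search produces a result, and therefore a Notable Event, only when the cross-service condition holds.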

Knowledge Check

Question 1 of 2
Where does ITSI store pre-computed KPI values for correlation searches?
A. The main index
B. The itsi_summary index
C. The KV Store
D. Glass Tables