Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console

Implementing Cisco Cybersecurity Operations (210-255)

The Cisco Firepower Management Center has the ability for custom correlation rules. These rules can be created to trigger based on many different attributes. Once triggered a correlation rule can then be used to perform an action. I would suggest reviewing the documentation, especially the examples.

The results of a correlation policy can provide alerts to events that are specific to an organization.