# Astral Correlator The **Astral Correlator** is the component responsible for data correlation and execution of Astral’s detection logic. It processes normalized events ingested by the SIEM, evaluates correlation rules, and identifies anomalies, suspicious behavior, and security incidents across the environment. The Astral Correlator continuously analyzes event streams from multiple data sources, correlating signals across time and domains. By applying rule-based and analytical logic, the correlator detects complex attack patterns that cannot be identified through isolated events, enabling accurate and context-aware threat detection. This component executes Astral’s correlation rules, including YARA-based logic, to generate structured detections. These detections represent confirmed or high-confidence security-relevant activity and form the basis for incident identification and prioritization within the platform. Once a detection is generated, the Astral Correlator forwards it to Inopli’s Response and RPA capabilities. This integration ensures that correlated events are immediately operationalized, enabling investigation, automated response, and remediation as part of a coordinated and auditable security workflow. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.inopli.com/astral/astral-implementation/components/astral-correlator.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.