Astral Correlator

The Astral Correlator is the component responsible for data correlation and execution of Astral’s detection logic. It processes normalized events ingested by the SIEM, evaluates correlation rules, and identifies anomalies, suspicious behavior, and security incidents across the environment.

The Astral Correlator continuously analyzes event streams from multiple data sources, correlating signals across time and domains. By applying rule-based and analytical logic, the correlator detects complex attack patterns that cannot be identified through isolated events, enabling accurate and context-aware threat detection.

This component executes Astral’s correlation rules, including YARA-based logic, to generate structured detections. These detections represent confirmed or high-confidence security-relevant activity and form the basis for incident identification and prioritization within the platform.

Once a detection is generated, the Astral Correlator forwards it to Inopli’s Response and RPA capabilities. This integration ensures that correlated events are immediately operationalized, enabling investigation, automated response, and remediation as part of a coordinated and auditable security workflow.