Update _posts/2025-03-05-OpenSearch-as-a-SIEM-Solution.md

DattellConsulting · natebower · web-flow · commit 225d2adebc1c · 2025-03-17T11:29:45.000-07:00
Co-authored-by: Nathan Bower &lt;nbower@amazon.com&gt;
Signed-off-by: DattellConsulting &lt;103694126+DattellConsulting@users.noreply.github.com&gt;
diff --git a/_posts/2025-03-05-OpenSearch-as-a-SIEM-Solution.md b/_posts/2025-03-05-OpenSearch-as-a-SIEM-Solution.md
@@ -29,7 +29,7 @@ When a detector's rule condition is met by incoming log data, the system generat
 
 OpenSearch gives users the ability to define alerting conditions. When such conditions are met, OpenSearch sends an alert to the designated channel (email, Slack, PagerDuty, etc.). Alerts can be tailored to trigger on single-rule matches or only when multiple rules are detected.
 
-### <u>Correlation of Events.</u>
+### <u>Correlation of events</u>
 A powerful feature of OpenSearch Security Analytics is its ability to correlate multiple signals across different log sources. The built-in correlation engine can link findings from different types of logs to identify complex attack patterns spanning multiple systems.[1](https://opensearch.org/docs/latest/security-analytics/#:~:text=Security%20Analytics%20is%20a%20security,responding%20effectively%20to%20potential%20threats) 
 
 For example, a sequence of events like a VPN login from a new location, followed by a privileged action in a server log, and an abnormal outbound network connection could be correlated into one incident. 
