diff --git a/correlation/cache/operators.go b/correlation/cache/operators.go
index 96486d455..5f51d3853 100644
--- a/correlation/cache/operators.go
+++ b/correlation/cache/operators.go
@@ -1,6 +1,7 @@
 package cache
 
 import (
+	"fmt"
 	"net"
 	"regexp"
 	"strconv"
@@ -9,17 +10,18 @@ import (
 	"github.com/tidwall/gjson"
 )
 
-func inCIDR(addr, network string) bool {
+func inCIDR(addr, network string) (bool, error) {
 	_, subnet, err := net.ParseCIDR(network)
 	if err == nil {
 		ip := net.ParseIP(addr)
 		if ip != nil {
 			if subnet.Contains(ip) {
-				return true
+				return true, nil
 			}
 		}
+		return false, fmt.Errorf("invalid IP address")
 	}
-	return false
+	return false, err
 }
 
 func equal(val1, val2 string) bool {
@@ -52,27 +54,26 @@ func endWith(str, suff string) bool {
 	return strings.HasSuffix(str, suff)
 }
 
-func expresion(exp, str string) bool {
+func expresion(exp, str string) (bool, error) {
 	re, err := regexp.Compile(exp)
 	if err == nil {
 		if re.MatchString(str) {
-			return true
+			return true, nil
 		}
 	}
-	return false
+	return false, err
 }
 
-func minThan(min, may string) bool {
-	minN, err := strconv.ParseFloat(min, 64)
-	if err != nil {
-		return false
+func parseFloats(val1, val2 string) (float64, float64, error) {
+	f1, err1 := strconv.ParseFloat(val1, 64)
+	if err1 != nil {
+		return 0, 0, err1
 	}
-	mayN, err := strconv.ParseFloat(may, 64)
-	if err != nil {
-		return false
+	f2, err2 := strconv.ParseFloat(val2, 64)
+	if err2 != nil {
+		return 0, 0, err2
 	}
-
-	return minN < mayN
+	return f1, f2, nil
 }
 
 func compare(operator, val1, val2 string) bool {
@@ -104,23 +105,55 @@ func compare(operator, val1, val2 string) bool {
 	case "not end with":
 		return !endWith(val1, val2)
 	case "regexp":
-		return expresion(val2, val1)
+		matched, err := expresion(val2, val1)
+		if err != nil {
+			return false
+		}
+		return matched
 	case "not regexp":
-		return !expresion(val2, val1)
+		matched, err := expresion(val2, val1)
+		if err != nil {
+			return false
+		}
+		return matched
 	case "<":
-		return minThan(val1, val2)
+		f1, f2, err := parseFloats(val1, val2)
+		if err != nil {
+			return false
+		}
+		return f1 < f2
 	case ">":
-		return !minThan(val1, val2)
+		f1, f2, err := parseFloats(val1, val2)
+		if err != nil {
+			return false
+		}
+		return f1 > f2
 	case "<=":
-		return equal(val1, val2) || minThan(val1, val2)
+		f1, f2, err := parseFloats(val1, val2)
+		if err != nil {
+			return false
+		}
+		return f1 <= f2
 	case ">=":
-		return equal(val1, val2) || !minThan(val1, val2)
+		f1, f2, err := parseFloats(val1, val2)
+		if err != nil {
+			return false
+		}
+		return f1 >= f2
 	case "exist":
 		return true
 	case "in cidr":
-		return inCIDR(val1, val2)
+		matched, err := inCIDR(val1, val2)
+		if err == nil {
+			return matched
+		}
+		return false
 	case "not in cidr":
-		return !inCIDR(val1, val2)
+		matched, err := inCIDR(val1, val2)
+		if err == nil {
+			return !matched
+		}
+		return false
 	default:
 		return false
 	}