Correlation Tuning Simulator - Nexus SecOps MicroSim

Rule Parameters

Event Count Threshold (min events to trigger alert)

Time Window (minutes to correlate events)

5 min

Severity Filter (minimum severity to include)

Medium

Daily Alert Volume

Detection Coverage Over Time

Alerts/Day

Generated alerts

Coverage

Threats detected

Noise Ratio

False positives

Efficiency

Coverage/Alert

Tuning Tips: Lower thresholds increase detection but generate more alerts. Wider time windows catch slow attacks but may create noise. Balance coverage against analyst capacity (target: 20-50 alerts/day for a single analyst).