Correlation Explorer

Browse pivots — shared identities, files, destinations, and devices — that link multiple cases across the dataset. Use this to spot coordinated activity or repeat behavior the per-case view can't show.
Cross-case pivots derived from every case's correlation graph. Click a row to inspect the cluster.
- Total pivots: 3. Pivot nodes that appear in 2+ cases.
- Identity links: 1. Same user (EMP-ID) across multiple cases.
- File links: 1. Same document or fingerprint across cases.
- Destination links: 1. Same external endpoint touched by multiple cases.
- Cases in clusters: 5. Distinct cases that share at least one pivot.
Min cases: 2+
Shared pivots (3)

Each row is a node that appears in 2 or more cases. The Sources column shows which QRadar SIEM / Forcepoint DLP / Forcepoint Proxy systems observed it.
| Pivot | Type | Cases | Sources | Severity | Last activity |
|---|---|---|---|---|---|
| mega.nz | Destination | 3 | Proxy | Critical | 2026-06-08 13:22 IST |
| James Mitchell (EMP-4471) | Identity | 2 | DLP, Proxy, SIEM | Critical | 2026-06-08 13:22 IST |
| Servicing_Portfolio_Q2 | File | 2 | DLP, SIEM | Critical | 2026-06-08 13:22 IST |
Cluster detail

Pivot node in the center with each linked case orbiting it. Open any case to inspect its full correlation graph and evidence.
Pivot: mega.nz
Same external destination touched by multiple cases — potential common exfiltration channel.
Linked cases (3)
- CASE-2026-0847 (Open, Critical): Bulk borrower-NPI egress by departing Loan Operations Analyst. James Mitchell · EMP-4471 · risk 94
- CASE-2026-0849 (Open, Medium): Developer hit paste-site + cross-team repo access. Thomas Müller · EMP-3380 · risk 56
- CASE-2026-0852 (Open, Medium): Contractor email to personal — small spreadsheet (no NPI). Lucas Fernandez · EMP-9921 · risk 41
Correlations are computed from the cases' shared graph nodes. AI output is advisory — analysts must validate before acting.