Detection and correlation

The Detection and correlation section explains how detection logic, correlation, and escalation are structured in Kaseya MDR. It assumes you already understand how the platform is used in day‑to‑day operations.

In Using Kaseya MDR, alerts surface security‑relevant activity, investigations add context, and informed decisions are made before any escalation or response. This section builds on that workflow by explaining how signals are defined, evaluated, and escalated so detection supports investigation‑driven decisions rather than replacing them.

Kaseya MDR evaluates security telemetry collected as part of the MDR service and surfaces individual signals such as alerts and indicators of compromise (IOCs). These signals gain meaning through correlation across time, users, devices, and activity patterns, and through intentional escalation using Respond rules when higher confidence is established through investigation.

Articles in this section

This section includes the following articles:

  • Indicators of Compromise: Explains how IOC rules are used to flag known or suspicious signals, add investigation context, and contribute supporting evidence without drawing conclusions on their own.

  • Using the Respond Module: Introduces the Respond module and explains how Respond rules, templates, connections, and outcomes fit together before escalation or automation is considered.

  • Creating Respond rules: Explains how Respond rules are structured to correlate multiple signals into higher‑confidence alerts, including scope, conditions, timing, and outcomes.

  • Managing Respond connections: Describes how Respond connections support response execution, how connection status affects available outcomes, and how to identify and resolve connection issues.

  • Respond actions: Explains available response actions, how they are applied safely, and when alert‑only behavior is appropriate in MDR environments.

How detection progresses in Kaseya MDR

Detection in Kaseya MDR typically progresses through three stages:

  • Security‑relevant signals surface as alerts or IOC matches.

  • Correlated investigation context is built across activity, entities, and time.

  • Escalation occurs using Respond rules when investigation confirms that a repeatable pattern should be surfaced or acted on consistently.

The articles in this section follow this progression intentionally.

How to use this section

Use this section (detection, IOCs, and Respond rules):

  • After you understand how alerts and investigations work in practice.

  • When individual alerts are insufficient and correlation is required.

  • When translating investigation insight into repeatable escalation logic.

  • When designing alerting and response behavior intentionally.

If you are still learning how alerts surface activity or how investigations are performed, start with Using Kaseya MDR before working in this section.