The goal of a correlation analysis is to see whether two measurement variables co vary, and to quantify the strength of the relationship between the variables.

Correlation is important to make sense out of all that information in the system. Correlation to the rescue and increase evidence of the event and the business impact and the event a false positiveness.


Correlation process


Features Correlation rules can nest any level AND condition: branch another level OR condition: insert a new rule on same level


Risk Formula



Correlation rules

Features Correlation rules can nest any level

  • AND condition: branch another level
  • OR condition: insert a new rule on same level

Threat detection use case

  • Correlate firewall events to detect common DoS and DDoS attacks
  • Prebuilt AlienVault correlation directives cover a lot of those already
  • Modify for your environment
  • Build Security Intelligence


Successful SSH login to VIP host Service going down on host Correlation rule will generate an alert.



  • Reduce false positive alarms

As you collect more events from different external systems, you may run into a scenario that is causing the USM Server to generate more alarms than you want. You can use policies to filter the events to reduce the number of alarms that are created.

  • Sending an email notification

You can create a policy to automatically trigger an email to administrators or others whenever a high-risk alarm occurs.

  • Temporarily hiding true positive alarms

Occasionally, you may need to temporarily disable alarms based on a particular set of events. This makes sense when you want to reduce excessive noise until you have had time to analyze and take corrective or preventative actions.

  • Increasing the importance of a specific event

Sometimes you might want to closely monitor a specific IP address or a specific port.  You can use policies to generate an alarm whenever events occur that include the IP address or that port without writing a correlation rule.


Add a comment

We used have  Singleton Design Pattern in our applications whenever it is needed. As we know that in singleton design pattern we can create only one instance and can access in the whole application. But in some cases, it will break the singleton behavior.

There are mainly 3 concepts which can break singleton property of a singleton class in java. In this post, we will discuss how it can break and how to prevent those.

Here is sample Singleton class and SingletonTest class.


package demo1;

public final class Singleton {

    private static volatile Singleton instance = null;

    private Singleton() {

    public static Singleton getInstance() {
        if (instance == null) {
            synchronized (Singleton.class) {
                if (instance == null) {
                    instance = new Singleton();
        return instance;

package demo1;

public class SingletonTest {
    public static void main(String[] args) {
        Singleton object1 = Singleton.getInstance();
        Singleton object2 = Singleton.getInstance();
        System.out.println("Hashcode of Object 1 - " + object1.hashCode());
        System.out.println("Hashcode of Object 2 - " + object2.hashCode());

Here is output, you can see it the same hashcode for objectOne and objectTwo

Hashcode of Object 1 - 1836019240
Hashcode of Object 2 - 1836019240

Now we will break this pattern. First, we will use java reflection.


Java  Reflection is an API which is used to examine or modify the behavior of methods, classes, interfaces at runtime. Using Reflection API we can create multiple objects in singleton class. Consider the following example.

package demo1;

import java.lang.reflect.Constructor;

public class ReflectionSingleton {
    public static void main(String[] args)  {

        Singleton objOne = Singleton.getInstance();
        Singleton objTwo = null;
        try {
            Constructor constructor = Singleton.class.getDeclaredConstructor();
            objTwo = (Singleton) constructor.newInstance();
        } catch (Exception ex) {

        System.out.println("Hashcode of Object 1 - "+objOne.hashCode());
        System.out.println("Hashcode of Object 2 - "+objTwo.hashCode());


Example to show how reflection can break the singleton pattern with Java reflect. You will get two hash code as below. It has a break on the singleton pattern.

Hashcode of Object 1 - 1836019240
Hashcode of Object 2 - 325040804

Prevent Singleton pattern from Reflection

There are many ways to prevent Singleton pattern from Reflection API, but one of the best solutions is to throw run time exception in the constructor if the instance already exists. In this, we can not able to create a second instance.

    private Singleton() {
        if( instance != null ) {
           throw new InstantiationError( "Creating of this object is not allowed." );


In serialization, we can save the object of a byte stream into a file or send over a network. Suppose if you serialize the Singleton class and then again de-serialize that object will create a new instance, hence deserialization will break the Singleton pattern.

Below code is to illustrate how the Singleton pattern breaks with deserialization.

Implements Serializable interface for Singleton Class.


package demo1;


public class DeserializationSingleton {

    public static void main(String[] args) throws Exception {

        Singleton instanceOne = Singleton.getInstance();
        ObjectOutput out = new ObjectOutputStream(new FileOutputStream("file.text"));

        ObjectInput in = new ObjectInputStream(new FileInputStream("file.text"));
        Singleton instanceTwo = (Singleton) in.readObject();

        System.out.println("hashCode of instance 1 is - " + instanceOne.hashCode());
        System.out.println("hashCode of instance 2 is - " + instanceTwo.hashCode());

The output is below and you can see two hashcodes.

hashCode of instance 1 is - 2125039532
hashCode of instance 2 is - 381259350

Prevent Singleton Pattern from Deserialization

To overcome this issue, we need to override readResolve() method in Singleton class and return same Singleton instance. Update, with below method.

   protected Object readResolve() { 
           return instance; 

Now run above DeserializationDemo class and see the output.

hashCode of instance 1 is - 2125039532
hashCode of instance 2 is - 2125039532


Using the "clone" method we can create a copy of original object, samething if we applied clone in singleton pattern, it will create two instances one original and another one cloned object. In this case will break Singleton principle as shown in below code.

Implement the "Cloneable" interface and override the clone method in the above Singleton class.

    protected Object clone() throws CloneNotSupportedException  {
        return super.clone();

Then Test with cloning for breaking the singleton

public class CloningSingleton {
    public static void main(String[] args) throws CloneNotSupportedException, Exception {
        Singleton instanceOne = Singleton.getInstance();
        Singleton instanceTwo = (Singleton) instanceOne.clone();
        System.out.println("hashCode of instance 1 - " + instanceOne.hashCode());
        System.out.println("hashCode of instance 2 - " + instanceTwo.hashCode());


Here is the output

hashCode of instance 1 - 1836019240
hashCode of instance 2 - 325040804

If we see the above output, two instances have different hashcodes means these instances are not the same.

Prevent Singleton Pattern from Cloning

In the above code, breaks the Singleton principle i. e created two instances. To overcome the above issue we need to implement/override clone() method and throw an exception CloneNotSupportedException from clone method. If anyone try to create clone object of Singleton, it will throw an exception as see below code.

    protected Object clone() throws CloneNotSupportedException  {
        throw new CloneNotSupportedException();

Now we can run the CloningSingleton class, it will throw CloneNotSupportedException while creating a clone object of Singleton object.


View comments

I am
I am
Total Pageviews
Total Pageviews
2 0 5 7 7 0 6