The event engine performs multiple functions such as incident correlation, suppression, and escalation depending on the network conditions and the administrator configured event policy rules. This improves the operational efficiency of the app-fabric by automatically correlating incidents into an event and the comprehensive event framework control granted by setting the event policies.

The controller analyzes the incoming incidents from the ION devices to determine if they are related and then it aggregates the incidents into a single incident in real time. For example, if the controller receives multiple VPN down incidents, the controller analyzes the incident in real time, determines if they are related, and generates a single Secure Fabric Link incident for the event, while suppressing the original list of incidents.