This article discusses the main components of information security systems and information security incident management. The methods of non-signature, as well as signature analysis of rules and decision-making that are used in such systems are considered. The analysis of existing methods of correlation rules. The main types of each method have been identified.