A security team is designing an XSIAM deployment and wants the platform to automatically correlate alerts, endpoint activity, and network logs into a single incident view. Which XSIAM capability primarily provides this outcome?