Some of the event descriptions say "Correlation available." What exactly does this mean within EDR?
Example: Type_ID: 8015 Event Tracing for Windows (ETW) - powershell.exe logged: Correlation available
Release : 4.6.8
Component : Default-Sym
"Correlation available" means that a file entity or endpoint entity is available, so that admins can review the activities of that file or endpoint. Based on the other log entries for that entity, the admin can decide whether to block the file or endpoint.