Creating a correlation rule defining a relationship between event types

What is claimed is: 1. A method comprising: by a system having a processor: receiving events that occurred in an infrastructure technology (IT) infrastructure comprising hardware components; identifying a specific occurrence of a pattern of event types in the received events, the pattern of event types including a first event type and a second event type; identifying a first configuration item (CI) associated with the first event type and a second CI associated with the second event type; validating that a relationship exists between the first CI and the second CI; abstracting the first CI and the second CI to a CI class level by: identifying a first CI class associated with the first event type according to a class property of the first CI; and identifying a second CI class associated with the second event type according to a class property of the second CI; and creating a correlation rule correlating the first event type to the second event type based on the validated relationship that exists between the first CI associated with the first event type and the second CI associated with the second event type, wherein the correlation rule relates the first CI class to the second CI class; and determining, using the correlation rule, a cause of a symptom event in the IT infrastructure. 2. The method of claim 1 , wherein validating that the relationship exists between the first CI and the second CI comprises: accessing an information repository that describes relationships between configuration items. 3. The method of claim 1 , wherein validating that the relationship exists between the first CI and the second CI comprises: accessing a topology graph of configuration items that represents configuration items as nodes and defines relationships between the configurations items through links between the nodes; and validating the relationship exists between the first CI and the second CI responsive to determining there are less than a threshold number of hops between a node representing the first CI and a node representing the second CI. 4. The method of claim 1 , wherein validating that the relationship exists between the first CI and the second CI comprises: accessing a semantics database defining relationships between configuration items. 5. The method of claim 1 , further comprising: determining a topology of the relationship between the first CI and the second CI; and specifying the determined topology as part of the correlation rule. 6. The method of claim 5 , wherein the topology comprises: a containment relationship indicating the first CI contains the second CI; or an intermediate object relationship indicating the first CI is related to the second CI through an intermediate object. 7. A system comprising: a storage medium to store a collection of events that have occurred within an information technology (IT) infrastructure comprising hardware components; and a processor to: identify plural occurrences of a particular pattern of event types occurring in the collection of events, the pattern of event types including an event pair of a first specific event of a first event type and a second specific event of a second event type; identify an instance of a configuration item (CI) associated with the first specific event of the first event type; identify an instance of a CI associated with the second specific event of the second event type; abstract the first CI and the second CI to a CI class level through: identification of a first CI class associated with the first event type according to a class property of the first CI; and identification of a second CI class associated with the second event type according to a class property of the second CI; and determine whether a relationship exists between the first CI class associated with the first specific event and the second CI class associated with the second specific event; when the relationship exists: create a correlation rule correlating the first event type associated with the first CI class and the second event type associated with the second CI class; and determine, using the correlation rule, a cause of a symptom event in the IT infrastructure; and when the relationship does not exist: determine not to correlate the first event type and the second event type. 8. The system of claim 7 , wherein the processor is further to: determine a topology relationship between the first CI class and the second CI class; and specify the topology relationship as part of the correlation rule. 9. The system of claim 8 , wherein the topology relationship comprises: a containment relationship indicating the first CI class contains the second CI class; or an intermediate object relationship indicating the first CI class is related to the second CI class through an intermediate object. 10. The system of claim 7 , wherein the processor is to determine whether the relationship exists by: accessing a topology graph of configuration items that represents configuration items as nodes and defines relationships between the configurations items through links between the nodes; and determining the relationship exists responsive to determining there are less than a threshold number of hops between a node representing the instance of the CI associated with the first specific event and a node representing the instance of the CI associated with the second specific event. 11. The system of claim 10 , wherein the processor is to determine whether the relationship exists further by: determining the relationship does not exist responsive to determining there is no path between the node representing the instance of the CI associated with the first specific event and the node representing the instance of the CI associated with the second specific event with a path length that is less than a predefined number of hops. 12. The system of claim 7 , wherein the processor is to determine whether the relationship exists by: accessing a topology graph of configuration items that represents configuration items as nodes and defines relationships between the configurations items through links between the nodes; determining the relationship exists responsive to determining a path in the topology graph exists between a node representing the instance of the CI associated with the first specific event and a node representing the instance of the CI associated with the second specific event; and determining the relationship does not exist responsive to determining no path exists between the node representing the instance of the CI associated with the first specific event and the node representing the instance of the CI associated with the second specific event. 13. A non-transitory machine-readable storage medium comprising instructions executable by a processor to: access a collection of events that have occurred in an information technology (IT) infrastructure comprising hardware components; determine that plural occurrences of a particular pattern of event types are present in the collection of events, the particular pattern of event types including an event pair of a first specific event of a first event type and a second specific event of a second event type; and determine that the number of the plural occurrences exceed a predefined threshold, and in response, create a correlation rule correlating the first event type and the second event type by: identifying configuration item (CI) pairs among the plural occurrences, each CI pair including a first configuration item associated with a specific event of the first event type and a second configuration item associated with a specific