# Overview

**Astral** is **Inopli**’s SIEM, designed to operate as the core layer for security data analysis, event correlation, and threat detection across modern enterprise environments. It centralizes logs, events, and security signals from multiple sources, including infrastructure, applications, identities, cloud services, and hybrid environments, transforming large volumes of raw data into structured, correlated, and actionable intelligence. Its primary purpose is to provide continuous visibility into the environment, enabling the timely identification of anomalous behavior, suspicious activity, and potential cyber incidents.

Unlike traditional SIEM platforms, **Astral** was built from the ground up to be natively integrated with the broader **Inopli** ecosystem. Analysis and detection are not isolated capabilities, but part of a continuous operational flow that connects data, context, and action. Event correlation within Astral goes beyond static rules and signatures, incorporating operational context, historical behavior, asset criticality, and signals originating from other Inopli modules. This approach significantly improves detection accuracy while reducing operational noise.

During the **analysis** phase, **Astral** consolidates and normalizes data from heterogeneous sources, applying advanced correlation and enrichment mechanisms. These mechanisms allow security teams to understand not only isolated events, but complete sequences of actions that, when viewed together, indicate real security risk. This contextual analysis is essential to distinguish benign activity from meaningful threats and serves as the foundation for all subsequent stages of the security lifecycle.

**Detection** within Astral combines technical rules with behavioral and contextual evaluations. When suspicious patterns or relevant deviations are identified, Astral generates structured security signals that are automatically propagated to other Inopli capabilities. This design ensures that detections do not remain confined to dashboards or alerts, but instead progress seamlessly through the operational security workflow.

The **identification** of incidents is tightly integrated with Inopli’s **Response** capability. Once Astral correlates events and determines potential impact, the information is forwarded to the response layer, where AI-driven incident handling mechanisms assess severity, context, recurrence, and business impact. This intelligence-assisted process supports consistent prioritization and decision-making while maintaining full traceability.

**Incident response** is orchestrated through the native integration between Astral, the Response capability, and **RPA**, Inopli’s SOAR module. While Astral provides detection and technical context, RPA executes automated or semi-automated actions such as containment, blocking, evidence collection, notifications, and playbook execution. This orchestration reduces response time, minimizes manual effort, and increases operational predictability, while preserving governance and auditability.

Astral also integrates directly with Inopli **DRP**, extending detection beyond the internal perimeter of the organization. External risk signals, such as exposed assets, leaked credentials, malicious domains, or third-party exposures, are fed into Astral’s analytical context. This allows external threat intelligence to be correlated with internal activity, providing a more complete view of attack paths and strengthening the organization’s ability to anticipate and respond to emerging risks.

Together, Astral and the other Inopli capabilities form an integrated ecosystem that fully supports the lifecycle of **analysis, detection, identification, and response to cyber incidents**. In this model, the SIEM evolves from a passive log repository into an active, operational component of a security program driven by context, automation, and continuous decision-making.


