# Response Module

The <mark style="color:green;">Inopli DRP module</mark> is tightly integrated with the <mark style="color:green;">Inopli Response module</mark> to ensure that identified threats are not only detected but also managed through structured operational workflows. Once a monitoring profile is active and findings begin to surface, each signal is enriched and classified. Findings presented to the security team or analysts can be marked as true positives, false positives, or benign.

When a <mark style="color:green;">**true positive**</mark> is confirmed by an analyst or an automated rule, the system automatically triggers an escalation process by interfacing with the <mark style="color:green;">**Response module**</mark>. This process results in the <mark style="color:green;">**automatic creation of a security incident**</mark>, which is then assigned to the operations team for handling and resolution.

Each incident contains:

* The original finding and all correlated evidence
* Enrichment metadata from the DRP engine (e.g., entity match, severity, exposure level)
* Audit logs of analyst action (who validated and when)
* Links to response playbooks and historical context if applicable

This seamless integration ensures that threat signals are actionable and traceable, closing the loop between <mark style="color:green;">**detection and response**</mark>. It also helps maintain response consistency and reduces the likelihood of missing relevant threats due to manual friction or communication delays.