Inopli's Features

SIEM Management

Inopli revolutionizes the way SIEM solutions are configured and deployed. With an innovative approach, Inopli offers automated installation, minimizing the need for manual intervention and significantly reducing errors. It provides easy and effective integration with any existing SIEM solution, unifying the management and visibility of active SIEMs.


Automated Triage

With its advanced capability to eliminate up to 97.5% of false-positive alerts, Inopli demonstrates remarkable intelligence in identifying and discarding duplicate and irrelevant alerts. This process transforms the alert triage into an automatic and highly efficient operation. The responses and investigations of alerts are equally automated, with rules that speed up the process and eliminate redundancies, resulting in a significant reduction in workload.

To achieve this efficiency, Inopli relies on a set of six critical criteria to identify behaviors and determine the need for automation.

Critical criteria to identify the need for automation
  • Is the same attack generating a considerable number of alerts?

  • Is the alert associated with a larger-scale attack?

  • Does the alert refer to an incident waiting for resolution, currently being treated, or a previously resolved incident?

  • Can the alert be evaluated based on existing security intelligence?

  • Is the alert related to a documented correlation rule?

  • Is the documentation of the correlation rule adapted to the impacted client?

These criteria allow Inopli to accurately identify the nature and relevance of each alert, ensuring a rapid and precise response. At the same time, the platform adapts its functionality to meet the specific needs of each client. The result is a more effective, agile, and reliable cybersecurity environment for organizations of all sizes.
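As an added illustration (not Inopli's own code), the following minimal triage engine checks each incoming alert against the six criteria above and decides whether it can be handled automatically; the alerts, incident states, intelligence entries and burst threshold are all constructed sample data.

```python
# Added example, not Inopli's code: apply the six triage criteria to a
# constructed alert stream. attack_key = source|ATT&CK technique (constructed).
from collections import Counter

BURST_THRESHOLD = 2  # constructed: what counts as a "considerable number" of alerts

CONTEXT = {  # constructed state an Inopli-like platform would hold for a client
    "incidents": {"10.0.0.5|T1110": "in_progress", "10.0.0.9|T1059": "resolved"},
    "intel": {"198.51.100.7|T1190"},              # keys with an intel verdict
    "rule_docs": {"R-BRUTE": {"acme"}, "R-WEBSHELL": set()},  # rule -> adapted clients
}

ALERTS = [  # constructed alerts
    {"id": "a1", "rule": "R-BRUTE", "attack_key": "10.0.0.5|T1110", "client": "acme", "campaign": None},
    {"id": "a2", "rule": "R-BRUTE", "attack_key": "10.0.0.5|T1110", "client": "acme", "campaign": None},
    {"id": "a3", "rule": "R-WEBSHELL", "attack_key": "198.51.100.7|T1190", "client": "acme", "campaign": "C-42"},
    {"id": "a4", "rule": "R-NEW", "attack_key": "10.0.0.77|T1003", "client": "acme", "campaign": None},
]

def evaluate(alert, ctx, counts):
    """Check the six criteria; return (action, reasons). counts tracks per-attack volume."""
    key = alert["attack_key"]
    counts[key] += 1
    reasons = []
    state = ctx["incidents"].get(key)
    if state in ("open", "in_progress"):
        reasons.append("duplicate of incident " + state)          # criterion 3
    elif state == "resolved":
        reasons.append("previously resolved incident")           # criterion 3
    if counts[key] >= BURST_THRESHOLD:
        reasons.append("burst from same attack")                 # criterion 1
    if alert["campaign"]:
        reasons.append("part of campaign " + alert["campaign"])  # criterion 2
    if key in ctx["intel"]:
        reasons.append("covered by security intelligence")       # criterion 4
    clients = ctx["rule_docs"].get(alert["rule"])
    if clients is not None:
        reasons.append("documented correlation rule")            # criterion 5
        if alert["client"] in clients:
            reasons.append("documentation adapted to client")    # criterion 6
    # Decision: dedupe first, then fully documented rules, then enrichment only
    if state in ("open", "in_progress") or "burst from same attack" in reasons:
        return "merge_into_existing", reasons
    if clients is not None and alert["client"] in clients:
        return "auto_respond", reasons
    return ("auto_enrich" if reasons else "manual_review"), reasons

def triage(alerts, ctx):
    """Run the stream in order; return alert id -> (action, reasons)."""
    counts = Counter()
    return {a["id"]: evaluate(a, ctx, counts) for a in alerts}
```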


Incident Management

Inopli enables meticulous tracking of SLAs, ensuring that each incident is managed according to established service priorities. Through its sophisticated interface, users can trace the complete trajectory of each incident, observing all changes in real-time.

Inopli stands out for its ability to organize the priority queue based on a severity standard, dynamically adjusting to the specific needs of each client. This approach ensures that the most critical incidents are addressed with the necessary urgency, optimizing response and resolution.

In addition to offering both a macro and micro view of the service process, Inopli enhances the efficiency of analysts by directly linking incidents to their respective playbooks. This integration significantly accelerates response time, allowing analysts to focus on solving problems with maximum efficacy.


Documents Management

Inopli empowers users to efficiently create and manage correlation rule documentation. These rules are vital for classifying and prioritizing incidents, enabling more effective monitoring and a quick, accurate response to potential threats. Thanks to its flexible and adaptable design, Inopli's correlation rules can be easily integrated into any SIEM (Security Information and Event Management) system, significantly enhancing interoperability with various security monitoring solutions.

Furthermore, Inopli offers robust features for creating and managing incident response playbooks. These playbooks cover all stages of the incident response lifecycle, from initial detection and analysis to containment, eradication, and recovery. Having detailed and well-documented procedures is crucial not only for providing clear guidance to security analysts but also for ensuring the uniform application of best security practices. This not only increases operational efficiency but also ensures compliance with corporate regulations and industry standards.


Process Automation

By automating the Threat Hunting process, the Security Operations Center (SOC) team is freed to focus on more complex challenges and high-level tasks. Inopli plays a crucial role in this respect, adopting a proactive strategy for identifying new correlation rule opportunities. Using advanced, predefined scripts, it analyzes large volumes of data from monitored sources, searching for new and significant correlations. Upon discovering a potential correlation, Inopli integrates this finding into its knowledge base and signals to the specialized team the need to develop and implement the rule in the system.

In the SIEM (Security Information and Event Management) Management phase, Inopli employs a specialized agent to oversee the health of servers running solutions like SIEM. This aspect is fundamental for the early identification of failures or disruptions. Through carefully crafted scripts, Inopli performs detailed health assessments, detecting anomalies with exceptional precision. In adverse situations or upon the emergence of problems, Inopli ensures immediate communication with the responsible team, providing a quick and efficient response, crucial for maintaining the security and integrity of the system.


Quality Management

The efficiency and performance of the system and the team can be tracked through performance indicators already configured in the Inopli dashboards. These indicators include:

MTTD (Mean Time to Detect)

This is the average time required to detect a problem after it has occurred. A reduction in this time implies faster identification and response to incidents, minimizing potential damages.

MTTR (Mean Time to Respond)

This is the average time it takes to respond to an incident after it has been detected. A shorter MTTR indicates a more agile and prepared team to handle incidents.

MTTC (Mean Time to Contain)

This is the average time to contain an incident once it has been identified. A reduction in this time limits the spread of damage.

MTTR (Mean Time to Repair)

This is the average time required to fix an issue after it has been contained. A reduction in this time can lead to quicker recovery and fewer service interruptions.

Compliance with SLA (Service Level Agreement)

This metric highlights the proportion of cases where the agreed-upon service levels were met. It plays a vital role both in ensuring customer satisfaction and in preventing contractual issues.

Number of Incident Response Playbooks

This is the total number of Incident Response Playbooks implemented in Document Management, reflecting the team's ability to handle a variety of situations.

Workload Reduction

This metric shows the amount of work saved through automation and other efficiencies.

Incident Response Playbooks Coverage

This indicator measures the percentage of Correlation Rules that have documented Incident Response Playbooks. A high percentage reflects thorough preparation and a more structured response system.
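As an added example (not Inopli's own code), the following computes the indicators defined above from a constructed incident log: MTTD is occurrence to detection, Mean Time to Respond is detection to first response, MTTC is detection to containment, Mean Time to Repair is containment to repair, SLA compliance is the share of incidents whose response time met their agreed response SLA, and playbook coverage is the share of correlation rules that have a documented playbook.

```python
# Added example, not Inopli's code: dashboard KPIs from constructed incident data.
from datetime import datetime
from statistics import mean

def ts(s):
    return datetime.fromisoformat(s)

def minutes(start, end):
    return (end - start).total_seconds() / 60

INCIDENTS = [  # constructed timeline per incident; sla_response_min is the agreed limit
    {"id": "INC-1", "rule": "R-BRUTE", "occurred": ts("2024-05-01T08:00"),
     "detected": ts("2024-05-01T08:10"), "responded": ts("2024-05-01T08:25"),
     "contained": ts("2024-05-01T09:10"), "repaired": ts("2024-05-01T11:10"),
     "sla_response_min": 30},
    {"id": "INC-2", "rule": "R-WEBSHELL", "occurred": ts("2024-05-01T12:00"),
     "detected": ts("2024-05-01T12:30"), "responded": ts("2024-05-01T13:15"),
     "contained": ts("2024-05-01T14:30"), "repaired": ts("2024-05-01T15:30"),
     "sla_response_min": 30},
    {"id": "INC-3", "rule": "R-EXFIL", "occurred": ts("2024-05-01T20:00"),
     "detected": ts("2024-05-01T20:05"), "responded": ts("2024-05-01T20:20"),
     "contained": ts("2024-05-01T20:35"), "repaired": ts("2024-05-01T21:35"),
     "sla_response_min": 30},
]
CORRELATION_RULES = ["R-BRUTE", "R-WEBSHELL", "R-EXFIL", "R-PRIV"]  # constructed
PLAYBOOKS = {"R-BRUTE": "PB-1", "R-WEBSHELL": "PB-2"}             # rule -> playbook id

def kpis(incidents, rules, playbooks):
    """Return the dashboard indicators in minutes and as ratios (0..1)."""
    respond = [minutes(i["detected"], i["responded"]) for i in incidents]
    return {
        "MTTD_min": mean(minutes(i["occurred"], i["detected"]) for i in incidents),
        "MTTRespond_min": mean(respond),
        "MTTC_min": mean(minutes(i["detected"], i["contained"]) for i in incidents),
        "MTTRepair_min": mean(minutes(i["contained"], i["repaired"]) for i in incidents),
        # Met SLA when the response came within the agreed number of minutes
        "SLA_compliance": sum(r <= i["sla_response_min"] for r, i in zip(respond, incidents)) / len(incidents),
        "playbook_count": len(playbooks),
        "playbook_coverage": sum(r in playbooks for r in rules) / len(rules),
    }
```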

Qualitative Assessment in Inopli

For a qualitative assessment, Inopli has implemented a feedback system within Incident Management. This system tracks the progress of operational maturity through adaptable metrics, allowing leadership and senior cybersecurity staff to thoroughly assess team performance. The assessment process is divided into 3 stages for a comprehensive and fair analysis. An incident response rating, ranging from 1 to 5 stars, is generated based on this assessment. This rating serves as an immediate indicator of performance and response quality.

Inopli uses this data to establish quality indicators for each analyst's incident response. These indicators support ongoing, in-depth analysis of team effectiveness, help identify areas for improvement, and track progress over time.


Request Management

Inopli features an advanced automated system for evaluating standard requests, offering instant and accurate analyses. This functionality ensures that all client requests are handled with agility and efficiency, maximizing customer satisfaction and operational effectiveness.

Through centralized management, we facilitate collaboration and communication within your team, providing continuous and high-quality service to clients. This system ensures that the entire cybersecurity operations team acts in a synchronized and cohesive manner, addressing client needs with a unified and well-coordinated strategy. Therefore, our integrated approach optimizes the management of client requests, making the process more efficient and less prone to errors or delays. Our solution is designed to simplify and speed up customer service, ensuring fast and precise responses to all requests.


MITRE Integration

The automated assessment of MITRE ATT&CK provides a clear and comprehensive view of your organization's cybersecurity landscape. Consequently, all security incidents are tagged with the MITRE domain, aligning with the customer's individualized MITRE map. This enables your cybersecurity team to:

  • Evaluate and enhance the maturity of your continuous monitoring.

  • Gain in-depth knowledge of Tactics, Techniques, and Procedures (TTPs).

  • Implement proactive threat hunting measures, increasing the chances of prompt breach detection.

This strategic perspective on monitoring maturity offers valuable insights into the organization's readiness to handle existing and emerging threats. It empowers security teams to focus on continuous improvements, thereby strengthening the overall cyber resilience of the organization.

