Inopli Documentation

Rules


Last updated 1 year ago

Inopli serves as a central hub for operational documents, used to optimize incident processing. This centralization facilitates the documentation and management of correlation rules, making them more accessible and efficient in the operational context.

The system integrates with the alert engine, using the information from the correlation rules to initiate incident procedures. This integration not only allows incidents to be opened automatically from the generated alerts, but also supports incident grouping strategies. This ensures compliance with recognized market frameworks, best practices, and operational standards.

Correlation rules must be properly configured and active. Without these rules, the system cannot identify the information needed to open an incident, and the alerts are ignored.


Dashboard:

Provides a view of the indicators related to the status of the correlation rules. Users can identify which rules are active and which are inactive, which is crucial information when listing the set of registered rules. Rules can also be added, edited, removed, and deactivated, facilitating management and real-time monitoring.


Mind View:

Mind View presents an intuitive visual interface that correlates the structure of monitored data sources with the types of events detected during the threat hunting process, allowing the correlation rules registered in the environment to be visualized. Through this visualization, it is possible to identify gaps resulting from the absence of correlation rules, preventing relevant incidents from going unnoticed.

In the context of MSPs, Mind View plays a critical role, becoming a valuable deliverable for customers.


Overview Dashboard Roles
Overview Mind View