Rules
Inopli serves as a central hub for operational documents, used to optimize incident processing. This centralization facilitates the documentation and management of correlation rules, making them more accessible and efficient in the operational context.
The system integrates with the alert engine, using the information from the correlation rules to initiate incident procedures. This integration allows incidents to be opened automatically from the generated alerts and also supports incident grouping strategies. This ensures compliance with recognized market frameworks, best practices, and operational standards.
It is mandatory that the correlation rules are properly configured and active. In the absence of these rules, the system cannot identify the information necessary to open an incident, and the alerts are ignored.
The Rules section provides a view of the indicators related to the status of the correlation rules. Users can identify which rules are active and which are inactive, which is crucial information in the listing of the set of registered rules. It is possible to add, edit, remove, and deactivate rules, facilitating management and real-time monitoring.
Mind View presents an intuitive visual interface for the correlation between the structure of monitored data sources and the types of events detected during the threat hunting process, allowing the visualization of the correlation rules registered in the environment. Through this visualization, it is possible to identify gaps resulting from the absence of correlation rules, preventing relevant incidents from going unnoticed.
In the context of MSPs, Mind View plays a critical role, becoming a valuable deliverable for customers.