Inopli Documentation

Main


Last updated 1 year ago

This is the first stage of creating a correlation rule.


Identification

ID: Each rule is automatically assigned an ID, which is generated from the prefix set during the MSP configuration.

Language: The system allows versions of the same rule in different languages within the same profile, so each user consults the rule in their preferred language.

Name: A human-readable name used to identify the rule directly.

Attack: Defines the attack vector the rule is intended to detect or mitigate.

The Name and Attack fields are essential for integrations such as ChatGPT, which use them to automatically fill in the playbook and the rule details.


Data Source

Data Source: Identifies the data source the correlation rule consumes.

Event Type: There are two main types of events in information security:

  • Security Intelligence Events: Produced by data sources that already embed security intelligence (e.g., endpoint protection or application firewalls). Each event is usually tied to a specific, named threat, so a rule can alert on the event itself and no complex correlation is needed to identify the anomaly.

  • Non-Security Intelligence Events: Produced by data sources without built-in security intelligence (e.g., operating system logs). A single event carries no verdict, so identifying an anomaly requires more complex correlation logic, such as counting or sequencing events over a time window. For these data sources the analyst must create custom event types.
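The distinction above, as an added example that is not Inopli's code: a small correlator that treats a constructed EDR malware verdict as a pass-through alert, while constructed Windows Security log lines (event IDs 4625 = failed logon, 4624 = successful logon) need a stateful rule. The log format, field names, thresholds and rule names are assumptions made for this illustration.

```python
"""Added example (not Inopli's code): why 'security intelligence' events need
almost no correlation while 'non-security intelligence' events need a rule.

Log format ('ts|source|event_type|k=v;k=v'), field names, thresholds and rule
names are assumptions made for this example."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    source: str      # data source name, e.g. "edr" or "windows_security"
    event_type: str  # vendor verdict, or the custom event type the analyst defined
    fields: dict


@dataclass
class Alert:
    rule: str
    entity: str
    evidence: int    # number of raw events behind the alert


def parse_line(line: str) -> Event:
    """Parse one line of the constructed 'ts|source|event_type|k=v;k=v' format."""
    ts, source, event_type, kv = line.strip().split("|", 3)
    fields = dict(pair.split("=", 1) for pair in kv.split(";") if pair)
    return Event(datetime.fromisoformat(ts), source, event_type, fields)


def correlate(events, threshold=5, window=timedelta(seconds=60),
              followup=timedelta(minutes=10)):
    """Run three rules over the events in time order and return the alerts."""
    alerts = []
    failures = defaultdict(deque)   # src_ip -> timestamps of recent 4625 events
    flagged = {}                    # src_ip -> time the brute-force rule fired

    for ev in sorted(events, key=lambda e: e.ts):
        # Rule 1: security intelligence event. The vendor verdict is the alert,
        # so one event is enough and no state is kept.
        if ev.source == "edr" and ev.event_type == "malware_detected":
            alerts.append(Alert("EDR-MALWARE", ev.fields["host"], 1))

        # Rule 2: custom event type 4625 carries no verdict, so the rule has to
        # count failures per source IP inside a sliding time window.
        elif ev.source == "windows_security" and ev.event_type == "4625":
            ip = ev.fields["src_ip"]
            q = failures[ip]
            q.append(ev.ts)
            while q and ev.ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alerts.append(Alert("OS-BRUTE-FORCE", ip, len(q)))
                flagged[ip] = ev.ts
                q.clear()   # re-arm instead of alerting on every further failure

        # Rule 3: a success from an IP flagged shortly before is escalated.
        elif ev.source == "windows_security" and ev.event_type == "4624":
            ip = ev.fields["src_ip"]
            if ip in flagged and ev.ts - flagged[ip] <= followup:
                alerts.append(Alert("OS-BRUTE-FORCE-SUCCESS",
                                    f"{ip}->{ev.fields['user']}", 1))
                del flagged[ip]
    return alerts


# Constructed sample telemetry (not real data): one EDR verdict, a burst of
# failed logons from 10.0.0.7 followed by a success, and two stray failures
# from 10.0.0.9 that stay below the threshold.
SAMPLE_LOG = """\
2024-05-01T10:00:00|edr|malware_detected|host=ws01;threat=Trojan.Agent;user=alice
2024-05-01T10:00:01|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:04|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:07|windows_security|4625|host=dc01;src_ip=10.0.0.9;user=carol
2024-05-01T10:00:09|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:12|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:15|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:18|windows_security|4625|host=dc01;src_ip=10.0.0.7;user=bob
2024-05-01T10:00:40|windows_security|4624|host=dc01;src_ip=10.0.0.9;user=carol
2024-05-01T10:01:02|windows_security|4624|host=dc01;src_ip=10.0.0.7;user=bob
"""


def run_sample():
    """Correlate the constructed sample log."""
    return correlate(parse_line(line) for line in SAMPLE_LOG.splitlines())


def run_spaced(gap_seconds: int, count: int = 5):
    """Helper: `count` failures from one IP spaced `gap_seconds` apart, to show
    that the window matters, not only the raw count."""
    base = datetime(2024, 5, 1, 12, 0, 0)
    evs = [Event(base + timedelta(seconds=gap_seconds * i), "windows_security",
                 "4625", {"host": "dc01", "src_ip": "10.0.0.1", "user": "eve"})
           for i in range(count)]
    return correlate(evs)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Rule 1 is the whole of a "security intelligence" rule: the EDR has already decided, so the correlator only forwards the verdict. Rules 2 and 3 are what the analyst has to build once a custom event type such as 4625 exists: the source IP is the entity, the window and threshold decide when a pile of individually harmless events becomes an anomaly, and the follow-up rule sequences a second event type against the first. Note that five failures spread over several minutes never fire, which is the behaviour a threshold without a window would get wrong.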


Integration

A rule can be prepared for one or more monitoring solutions. The vendors selected here determine which relations and grouping rules are listed in the following stages.


Relations

This stage records which SIEM rule(s) the correlation rule maps to, linking the Inopli rule to its counterpart on the vendor side. That mapping allows more efficient management and an integrated view of security policies.

