Inopli Documentation

Rule Details

Last updated 1 year ago

Incident Description

Incident Description: a designated space to insert the description of the incident that will be opened by this correlation rule.

Disable Alert Grouping: This option, when activated, instructs Inopli to open an independent incident for each unique value identified in the grouping field. If this option is deactivated, Inopli will identify multiple attackers responsible for the same incident and group them together.


Grouping

Required for the rule to be activated. It determines which field Inopli uses in the treatment process, usually the field identifying the origin of the attack. One or more grouping fields can be configured for each SIEM.
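
The two behaviours of Disable Alert Grouping, sketched as an added example that is not Inopli's own code. The SIEM names, field names, sample alerts and the choice to set aside alerts that lack the grouping field are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical grouping fields, one or more per SIEM, as configured on the rule.
GROUPING_FIELDS = {
    "siem_a": ["src_ip"],
    "siem_b": ["source.address", "client.ip"],
}

# Constructed sample alerts, all matched by the same correlation rule.
ALERTS = [
    {"siem": "siem_a", "src_ip": "198.51.100.7"},
    {"siem": "siem_a", "src_ip": "198.51.100.7"},
    {"siem": "siem_b", "source.address": "203.0.113.9"},
    {"siem": "siem_b", "client.ip": "198.51.100.7"},
    {"siem": "siem_b"},  # no grouping field present
]

def grouping_value(alert, fields_by_siem=GROUPING_FIELDS):
    """Return the first configured grouping field found in the alert, else None."""
    for field in fields_by_siem.get(alert["siem"], []):
        if alert.get(field):
            return alert[field]
    return None

def open_incidents(alerts, disable_alert_grouping):
    """Return (incidents, skipped) for the alerts of one rule."""
    buckets = defaultdict(list)
    skipped = []
    for alert in alerts:
        value = grouping_value(alert)
        if value is None:
            # Assumption: without a grouping value the alert cannot be treated.
            skipped.append(alert)
            continue
        # Grouping disabled: one incident per unique value.
        # Grouping enabled: every origin lands in the same incident.
        key = value if disable_alert_grouping else "same-incident"
        buckets[key].append((value, alert))
    incidents = [
        {"origins": sorted({v for v, _ in items}), "alerts": [a for _, a in items]}
        for items in buckets.values()
    ]
    return incidents, skipped
```
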


Incident Description Stage
Grouping Stage