Rule Details

Incident Description

Incident Description: A field for the description of the incident that this correlation rule will open.

Disable Alert Grouping: When activated, this option instructs Inopli to open an independent incident for each unique value identified in the grouping field. When it is deactivated, Inopli identifies multiple attackers responsible for the same incident and groups them together.


Grouping

Required for the rule to be activated. It determines which field Inopli uses in the treatment process, usually the field identifying the origin of the attack. One or more fields can be configured for each SIEM.
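The following is an added illustration, not Inopli code or its API, modelling how the Disable Alert Grouping option and the per-SIEM grouping field described above shape the incidents that get opened. The SIEM names, field names (`src_ip`, `sourceAddress`), sample alerts and the handling of alerts with no grouping value are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample alerts; SIEM names and field names are assumptions.
ALERTS = [
    {"siem": "siem_a", "src_ip": "198.51.100.7", "signature": "ssh brute force"},
    {"siem": "siem_a", "src_ip": "198.51.100.7", "signature": "ssh brute force"},
    {"siem": "siem_a", "src_ip": "203.0.113.9", "signature": "ssh brute force"},
    {"siem": "siem_b", "sourceAddress": "203.0.113.9", "signature": "ssh brute force"},
    {"siem": "siem_b", "signature": "ssh brute force"},  # grouping field missing
]

# One or more grouping fields per SIEM (hypothetical names).
GROUPING_FIELDS = {"siem_a": ["src_ip"], "siem_b": ["sourceAddress"]}


def grouping_values(alert, grouping_fields):
    """Return the values of the configured grouping fields present in an alert."""
    fields = grouping_fields.get(alert["siem"], [])
    return [alert[f] for f in fields if alert.get(f)]


def open_incidents(alerts, grouping_fields, description, disable_grouping):
    """Model both modes: one incident per unique value, or one grouped incident."""
    by_value = defaultdict(list)   # grouping value -> alerts carrying it
    matched, skipped = [], []
    for alert in alerts:
        values = grouping_values(alert, grouping_fields)
        if not values:
            skipped.append(alert)  # assumption: no grouping value, no incident
            continue
        matched.append(alert)
        for value in values:
            by_value[value].append(alert)

    if disable_grouping:
        # Independent incident for each unique value of the grouping field.
        incidents = [
            {"description": description, "attackers": [value], "alerts": hits}
            for value, hits in sorted(by_value.items())
        ]
    elif by_value:
        # Single incident listing every attacker seen for this rule.
        incidents = [{"description": description,
                      "attackers": sorted(by_value), "alerts": matched}]
    else:
        incidents = []
    return incidents, skipped
```

Because the grouping field is mapped per SIEM, the same source address reported under two different field names lands in the same incident in either mode.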

