Inopli Documentation

Data Sources

Last updated 1 year ago

In this section, users can configure and manage the various data sources that generate information in the form of events. These events are captured by the Security Information and Event Management (SIEM) system. Once collected, they are processed and analyzed to determine whether they constitute a security incident. That decision depends on the analysis performed by the alert handling engine, which can be configured to meet specific criteria.

Users can view a paginated list of all created data sources. This screen provides the functionality to filter data sources based on their status, whether active or inactive. This initial dashboard is designed to facilitate the administration of data sources, allowing users to change the status, edit the settings of a specific data source, or delete it with just a few clicks.

A Data Source is any location, system, or device where data is generated or stored. This includes servers, network devices, applications, databases, file systems, and even cloud services. Data sources feed security tools and systems with real-time or near-real-time information, including Intrusion Detection and Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) systems, and network behavior analysis solutions.


Creating a Data Source

Identification

When creating a data source, it's essential to provide a name and description.

Event Types

It is possible to associate patterns of events (event types) detected in a data source, which share a common history or similar behavior, with the goal of identifying and mapping anomalies. These patterns serve as a reference when developing correlation rules. This significantly improves processing efficiency and uniformity in incident generation, contributing to a quicker and more accurate response to potential threats.

An Event Type is a classification used to describe the nature of an event detected by a data source. It helps security analysts understand what happened, why it happened, and how it should be addressed. Events can be classified into various categories, such as unauthorized access attempts, system failures, configuration changes, suspicious network activities, application errors, and others. Each category represents a distinct event type with specific implications for security.

Config Files

This section functions as a repository of files used to ensure normalization and standardization across clients during the implementation of the SIEM; these files are involved in processing correlation rules. Files can be uploaded in .xml, .config, or .json format. Additionally, the system allows previously modified versions of these configuration files to be consulted, facilitating the management of changes over time.
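To make the Event Types and Config Files ideas concrete, the following is an added example (not Inopli's own code, and the JSON layout is an assumed, hypothetical config format, not Inopli's schema): a versioned normalization config renames a data source's raw fields to standard names and tags each event with an event type, which is the normalized record that correlation rules would then consume. The sample events are constructed.

```python
import json
import re

# Constructed, hypothetical normalization config in the JSON form the page
# says can be uploaded. The schema is assumed for this illustration.
CONFIG_JSON = """{
  "data_source": "linux-auth",
  "version": 2,
  "field_map": {"host": "hostname", "user": "account", "src": "source_ip"},
  "event_types": [
    {"name": "unauthorized_access_attempt", "pattern": "Failed password"},
    {"name": "configuration_change", "pattern": "sudo: .* COMMAND="}
  ]
}"""

# Constructed raw events, as the data source would emit them.
RAW_EVENTS = [
    {"host": "web01", "user": "root", "src": "10.0.0.5",
     "msg": "Failed password for root"},
    {"host": "web01", "user": "ops", "src": "10.0.0.9",
     "msg": "sudo: ops : COMMAND=/bin/systemctl restart nginx"},
    {"host": "db01", "user": "app", "src": "10.0.0.7",
     "msg": "Accepted publickey for app"},
]


def load_config(text):
    """Parse the config and precompile each event type pattern."""
    cfg = json.loads(text)
    cfg["_compiled"] = [(et["name"], re.compile(et["pattern"]))
                        for et in cfg["event_types"]]
    return cfg


def normalize(event, cfg):
    """Rename raw fields to standard names, stamp the config version used,
    and tag the first matching event type (or 'unclassified')."""
    out = {cfg["field_map"].get(k, k): v for k, v in event.items()}
    out["data_source"] = cfg["data_source"]
    out["config_version"] = cfg["version"]
    out["event_type"] = next(
        (name for name, rx in cfg["_compiled"] if rx.search(event["msg"])),
        "unclassified")
    return out


def normalize_all(events, cfg):
    return [normalize(e, cfg) for e in events]


def count_by_type(normalized):
    """Per-event-type counts, the kind of aggregate a correlation rule keys on."""
    counts = {}
    for rec in normalized:
        counts[rec["event_type"]] = counts.get(rec["event_type"], 0) + 1
    return counts
```

Recording `config_version` on every normalized event is what makes the page's "consult previous versions" feature useful in practice: an alert can be traced back to the exact normalization rules that produced it.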

Screenshots on this page: Data Sources Overview; Identification Stage; Event Types Stage; Config Files Stage.