This article describes the sign-in process and gives a quick overview of the main features of Resolution Intelligence Cloud on a single page.
Resolution Intelligence Cloud is a secure operations platform that helps enterprises transform digital operations. It brings together the best of human expertise and machine intelligence (Artificial Intelligence/Machine Learning) to promote fast and reliable resolutions. Resolution Intelligence Cloud is a native SaaS platform that powers high-performing secure operations at scale. It takes a proactive and predictive approach to secure operations by incorporating security into every layer of operations.
Why Resolution Intelligence Cloud?
Our Resolution Intelligence Cloud streamlines threat detection and response, and site reliability engineering (SRE). It reduces MTTR and lowers dependency on in-house experts. Our solutions enable businesses to reduce operational noise, eliminate silos, increase collaboration, and prioritize problems. Our users can focus on business criticality and speed up remediation while maintaining their security posture.
Accessing the Resolution Intelligence Cloud
This section helps you learn the basics of accessing the Resolution Intelligence Cloud.
For first-time users, refer to this documentation.
Signing in
To sign in to the platform:
- Go to the Resolution Intelligence login page
- Enter your registered email address
- Click Continue
- Open the authenticator (either Microsoft or Google Authenticator) on your mobile phone
- Enter the one-time code that appears in your authenticator app
- Click Continue
- Select Text (xxxxxxxx19) or Call (xxxxxxxx19) for the phone number that you have already registered in the platform. A six-digit passcode is sent to your registered phone number
- Enter the six-digit passcode in the given field
- Click Sign in.
Resolution Intelligence at a Glance
After signing in, you are directed to the home page of Resolution Intelligence Cloud, where you can see various offerings:
- Insights: Gives you analytics of your organization's infrastructure data relevant to digital ops and security.
- Resolutions: Netenrich Resolutions enable you to take firm decisions based on the conclusions derived from the data, which comes from multiple sources.
- Configurations: This tab lets you configure multiple settings, such as managing users, Rules, Services, Escalation policies, ActOn policies, and Correlation policies.
- Timezone: Your local time, based on the location where you are logged on, appears at the top right corner of the landing screen.
- Account Switcher: If you are logged in as a partner user, you can view your multiple tenant users. If you are logged in as a tenant user, you cannot view either the organization or other tenants.
- Profile: Here you can see your profile details - name, role, title, local time zone, contact information, and escalation settings.
Navigating the Resolution Intelligence Cloud
This section helps you navigate the main sections and menu items while working with the platform. To reach the platform, log into your account and explore the various features.
Exploring the Landing Page
After signing in, you are directed to the landing page, which is, essentially, your account homepage.
1. Reach the Home Page: This page contains the following dashboards.
   - Resolution Intelligence@work: These dashboards give you an overview of the direct value the platform is bringing to you. The relevant widgets are listed on this page.
   - Detection Coverage: The detection coverage page presents an end-to-end integrated view of your IT environment, the different classes of assets being monitored, and the various categories of checks and statuses within these classes, all of which are compounded in real time to assess an impact. The detection coverage page is a simplified view of the proprietary ontology deployed for you. For more information on widgets, visit here.
   - AIOps: A set of widgets measuring the performance of AIOps over the signals ingested. For more information on widgets, visit here.
   Note: You can switch to the above dashboard areas by clicking on the respective buttons.
2. Switch to Tenant if you are an Organization user
3. Access the Profile section, which allows you to access the following features:
   - View your Profile
   - Access the Admin Console - only if you are an Administrator. This is where you can manage your account and associated assets
   - Log out
The Left Navigation Menu
The Left Navigation Menu items vary based on the selection of your tenant account type.
On the home page, the Left Navigation Menu contains the following items. To view or hide the Left Navigation Menu, click the Right Arrow (-->) or Left Arrow (<--) on the Home page.
- Operations
  - Overview - The overview dashboard gives you general insights into the operations performed.
  - Major Situations - Provides insights into all the major situations that are impacting tenant operations.
  - Wellness - Insights on the maintenance activities that are ongoing to prevent any outages in your organization's infrastructure.
  - Noise Reduction - Activities associated with noise reduction (AIOps, Auto validation, Auto resolution, etc.).
  - Requests - Track all the service-level requests created by the end user.
  - Signal & Situation Browser - Tracks the number of situations per device category and its subcategory.
- Security
  - Threat Detection - gives you an ideal way of mapping MITRE tactics & techniques to detect threats, the total number of situations generated from different signals, and how an analyst responded to each situation.
  - Threat Hunting - helps you track where different threats are present and how they arrive in an organization's IT infrastructure.
  - Attack Surface Exposures - includes a dashboard with widgets that show the risk scores associated with each threat, the discovery of risky assets, services exposed to digital attacks, and risks detected from different sources - AWS, Amazon, Google Cloud, and others.
  - Signal Analytics - enables security analysts to uncover hidden patterns, correlations, and anomalies, thereby enhancing threat detection and response.
  - Behavior Analytics - uses data and analytical modeling to understand how users interact and communicate with systems.
- Entities/Assets
  - Asset Overview - The number and type of assets available in the Resolution Intelligence Cloud.
  - Asset Details - Asset details such as Operating System (OS) type, version, BIOS version, etc. are displayed. This widget displays the summary and visualization of onboarded assets.
- Visibility
  - Ingestion Health - With Resolution Intelligence's ingestion health dashboard, you can monitor the data ingested from potential sources - Microsoft Azure, Amazon CloudTrail, and Google Chronicle - and quickly understand the type and amount of data you have.
  - Detection Coverage - The percentage of rules that can detect against the MITRE tactics & techniques matrix, based on the data that you ingest into your Chronicle account. It also shows the amount of quality data that you currently have, which in turn helps you ingest sufficient data sources to enhance rule detection against the MITRE tactics & techniques matrix.
- Dashboards & Reports - includes creating and customizing dashboards and reports, and exporting dashboards and their widgets to PDF, PPT, and Excel according to user requirements.
Exploring the Resolutions
This tab consists of the following items to help you know the type of ActOns (Ops and Security) that you are receiving, the number of signals correlating to a Situation, and the automation of change requests.
- ActOns - a Situation relevant to security and digital ops that you need to act upon to remediate the issue caused in your organization's IT infrastructure.
- Situations - provide context to issues, and allow you to quickly identify, triage, and remediate problems before they become severe.
- Signals - a detection received from monitoring tools and reported to Resolution Intelligence.
Exploring the Configurations
To navigate to this tab, click Configurations in the top menu, and the following items appear in the left navigation menu.
- Overview - contains the user name, contact information, and company details. You can edit the settings and your profile information.
- Usage & Limits - provides a detailed view of resource consumption based on your subscription plan. This feature lets you know the consumption of resources such as users, signals, ingested volume, assets & entities, devices monitored, employee count, organizations, and tenants.
- Subscriptions - view a detailed list of subscription plans and add-ons that you have purchased in your account.
- Authentication - includes authenticating users through Azure AD, Okta Workforce, Azure AD (SAML), GSuite (SAML), Okta Workforce (SAML), and ADFS.
- Organizations - add your organizations if you are a domain user.
- Tenants - includes adding tenant details like company name, web address, and subscriptions. In addition, create users and assign access to them.
- Users - includes adding users and assigning access to them.
- Functions - a function represents a component, microservice, application, or infrastructure that a team manages and monitors.
- API Keys - Register your app with Resolution Intelligence Cloud and generate API keys to consume multiple APIs - Accounts, Signals and ActOns.
- Integrations - includes potential source systems such as Azure, AWS, ServiceNow, LogicMonitor, Google Cloud, Chronicle, and many more to receive the signal into the Resolution Intelligence Cloud.
- Forwarders - download and install Chronicle forwarders to ingest on-premise data to the cloud.
- Log & Data Ingestion - ingest telemetry data from GCP, AWS, CrowdStrike Falcon, and Carbon Black databases.
- Parsers - configure the supported parsers to convert telemetry data into a unified data model format to extract insights from the data.
- Log Source Monitors - configure multiple log source monitors to get notified when no data is ingested to the Chronicle from different sources for a specified period.
- Entity Enrichment Policies - define a set of rules to enrich the incoming data that originates from Google Cloud, Amazon AWS, Azure, and OpsRamp with more comprehensive details derived from preconfigured attributes, functions, and tags, which in turn provide insightful data.
- Reference Lists - create a reference list with whitelisted IPs and domains critical to the organization and use this list while configuring threat feeds and/or detection policies to send a signal when the rule conditions are met.
- Content Packs - create packs and associate them with one or more detection policies to detect complex threats in highly complicated IT enterprises.
- Detection Policies - define rules using YARA-L language to detect threats in the IT environment.
- Threat Feeds - Curate a list of threats related to malicious activity within an organization and push them to Chronicle to analyze and detect upcoming risk.
- Processing Rules - a specialized feature that helps you share helpful information and useful resources to optimize the process of sending signals to users.
- Correlation Policies - to correlate similar threats over a network into a single Situation to reduce network traffic and improve the efficiency of a support team to mitigate the issues faster.
- ActOn Policy - a set of rules that consist of several conditional expressions that will help transform the incoming signal into a situation.
- Scoring - Templatization Rules - a customized approach to defining rules for ActOn resolution based on the score of each Situation.
- Status Mapping - define a custom status and assign it with an ActOn to match your needs.
- Notifications - configure when and how an alert is sent to users, via email or webhook, when a signal is triggered from the monitoring systems. Use customized templates to include the subject and body of an email, and define policies to control the flow of notifications to the users.
- Schedules - to display the status of a user, like how long the user has been on the call, which group and shifts they are currently on call for, and when the next on-call will be.
- Escalation Policies - to automate situation assignment and connect services to individual users and/or schedules.
- Activity Logs - provide a comprehensive record of actions and events that are performed by users within the platform. These logs are essential for tracking user activities and monitoring system events.
- Notification Logs - records that are generated when notification policy conditions are met according to the defined criteria and sent to users within the Resolution Intelligence Cloud.
- Asset Onboarding - onboarding digital assets is an essential step to start monitoring the performance of the devices to improve and standardize your business activities.
- Chronicle CMS - includes adding and customizing detection rules, parsers, reference lists, and content packs.
- Asset Monitoring - continuous supervision of the assets without manual intervention to find and notify the impediments that slow down their performance.