Resolution Intelligence is a secure operations platform that helps enterprises transform digital operations. It brings together the best of human expertise and machine intelligence (Artificial Intelligence/Machine Learning) to promote fast and reliable resolutions. Resolution Intelligence Cloud is a native SaaS platform that powers high-performing secure operations at scale. It takes a proactive and predictive approach to secure operations by incorporating security into every layer of operations.
Why Resolution Intelligence Cloud?
Our Resolution Intelligence streamlines threat detection and response, and site reliability engineering (SRE). It reduces MTTR and lowers dependency on in-house experts. Our solutions enable businesses to reduce operational noise, eliminate silos, increase collaboration, and prioritize problems. Our users can focus on business criticality and speed up remediation while maintaining their security posture.
Accessing the Resolution Intelligence Cloud
This section covers the basics of accessing Resolution Intelligence Cloud.
First-time users should refer to this documentation.
To sign in to the platform:
- Go to Resolution Intelligence login page
- Enter your registered email address
- Click Continue
- Open the authenticator (either Microsoft or Google Authenticator) on your mobile phone
- Enter the one-time code that appears in your authenticator app
- Click Continue
- Select Text (xxxxxxxx19) or Call (xxxxxxxx19) for the phone number that you have already registered in the platform. A six-digit passcode is sent to your registered phone number
- Enter the six-digit passcode in the given field
- Click Sign in.
Resolution Intelligence at a Glance
After signing in, you are directed to the home page of Resolution Intelligence where you can see various offerings:
- Insights: gives you analytics of your organization's infrastructure data relevant to digital ops and security.
- Resolutions: Netenrich Resolutions enable you to take firm decisions based on the conclusions derived from the data which comes from multiple sources.
- Configurations: This tab lets you manage multiple configurations such as users, Rules, Services, Escalation policies, ActOn policies, and Correlation policies.
- Timezone: The top right corner of the landing screen shows your local time, based on the location where you are logged on.
- Account Switcher: If you are logged in as a partner user, you can view your multiple tenant users. If you are logged in as a tenant user, you cannot view either the organization or other tenants.
- Profile: Here you can see your profile details - name, role, title, local time zone, contact information, and escalation settings.
Navigating the Resolution Intelligence Cloud
This section helps you navigate the main sections and menu items while working with the platform. To reach the platform, log into your account and explore the various features.
Exploring the Landing Page
After signing in, you are directed to the landing page, which is, essentially, your account homepage.
1. Reach the Home Page: This page contains the following dashboards.
   - Resolution Intelligence@work: These dashboards give you an overview of the direct value the platform is bringing to you. The relevant widgets are listed on this page.
   - Detection Coverage: The detection coverage page provides an end-to-end integrated view of your IT environment, the different classes of assets being monitored, and the various categories of checks and statuses within these classes, all of which are compounded in real time to assess an impact. The detection coverage page is a simplified view of the proprietary ontology deployed for you. For more information on widgets, visit here.
   - AIOps: A set of widgets measuring the performance of AIOps over the signals ingested. For more information on widgets, visit here.

   Note: You can switch between the above dashboard areas by clicking the respective buttons.
2. Switch to Tenant if you are an Organization user
3. Access the Profile section, which allows you to reach the following features:
   - View your Profile
   - Access the Admin Console – only if you are an Administrator. This is where you can manage your account and associated assets
   - Log out
The Left Navigation Menu
The Left Navigation Menu items vary based on the selection of your tenant account type.
On the home page, the Left Navigation Menu contains the following items. To show or hide the Left Navigation Menu, click the Right Arrow (-->) or Left Arrow (<--) on the Home page.
- Overview - The overview dashboard gives you general insights into the operations performed.
- Major Situations - Provides insights into all the major situations that are impacting tenant operations.
- Wellness - Insights on the maintenance activities that are ongoing to prevent any outages in your organization's infrastructure.
- Noise Reduction - Activities associated with noise reduction (AIOps, Auto validation, Auto resolution, etc.).
- Requests - Track all the service-level requests created by the end user.
- Signal & Situation Browser - Tracks the number of situations per device category and its subcategory.
- Threat Detection - gives you an ideal way of mapping MITRE tactics & techniques to detect threats, the total number of situations generated from different signals, and how an analyst responded to each situation.
- Threat Hunting - helps you track where different threats are present and how these threats arrive in an organization's IT infrastructure.
- Attack Surface Exposures - includes a dashboard whose widgets show the risk scores associated with each threat, the discovery of risky assets, services exposed to digital attacks, and risks detected from different sources - AWS, Amazon, Google Cloud, and others.
- Signal Analytics - enables security analysts to uncover hidden patterns, correlations, and anomalies, thereby enhancing threat detection and response.
- Behavior Analytics - uses data and analytical modeling to understand how users interact and communicate with the systems.
- Ingestion Health - With Resolution Intelligence's ingestion health dashboard, you can monitor the data ingested from potential sources - Microsoft Azure, Amazon CloudTrail, and Google Chronicle - and quickly understand the type and amount of data you have.
- Detection Coverage - Shows the percentage of rules that can detect against the MITRE tactics & techniques matrix, based on the data that you ingest into your Chronicle account. It also shows the amount of quality data that you currently have, which in turn helps you ingest sufficient data sources to enhance rule detection against the MITRE tactics & techniques matrix.
- Dashboards & Reports - includes creating & customizing dashboards and reports, and exporting dashboards and their widgets to PDF, PPT, and Excel according to the user requirement.
Exploring the Resolutions
This tab consists of the following items to help you know the type of ActOns (Ops and Security) that are being received, the number of signals correlating into a situation, and the automation of change requests.
- ActOns - a situation relevant to security and digital ops that you need to act upon to remediate the issue caused in your organization's IT infrastructure.
- Situations - provide context to issues, and allow you to quickly identify, triage, and remediate problems before they become severe.
- Signals - a detection received from monitoring tools and reported to Resolution Intelligence.
Exploring the Configurations
To navigate to this tab, click Configurations in the top menu, and the following items appear in the left navigation menu.
- Overview - contains the user name, contact, and company details. You can edit the settings and your profile information.
- Usage & Limits - provides a detailed view of resource consumption based on your subscription plan. This feature lets you know the consumption of resources such as users, signals, ingested volume, assets & entities, devices monitored, employee count, organizations, and tenants.
- Subscriptions - view a detailed list of subscription plans and add-ons that you have purchased in your account.
- Authentication - includes authenticating users through Azure AD, OKTA Workforce, Azure AD (SAML), GSuite (SAML), Okta Workforce (SAML), and ADFS.
- Organizations - add your organizations if you are a domain user.
- Tenants - includes adding tenant details like company name, web address, and subscriptions, as well as creating users and assigning access to them.
- Users - includes adding users, and assigning access to them.
- Services - a service represents a component, microservice, application, or infrastructure that a team manages and monitors.
- Integrations - include the potential source systems such as Azure, AWS, AppDynamics, ServiceNow, ThousandEyes, Logic Monitor, Google Cloud, Chronicle, and many more to receive the signal into Resolution Intelligence.
- Forwarders - download and install Chronicle forwarders to ingest on-premise data to the cloud.
- Log & Data Ingestion - ingest telemetry data from GCP, AWS, CrowdStrike Falcon, and CarbonBlack databases.
- Asset Onboarding - onboarding digital assets is an essential step to start monitoring the performance of the devices to improve and standardize your business activities.
- Chronicle CMS - includes adding and customizing detection rules, parsers, reference lists, and content packs.
- Asset Monitoring - continuous supervision of the assets without manual intervention to find and report the impediments that slow down asset performance.
- Processing Rules - a specialized feature that helps you to share helpful information and useful resources to optimize the process of sending signals to users.
- Correlation Policies - to correlate similar threats over a network into a single situation to reduce the network traffic and improve the efficiency of a support team to mitigate the issues faster.
- ActOn Policy - a set of rules that consist of several conditional expressions which will help to transform the incoming signal into a situation.
- Scoring - Templatization Rules - a customized approach of defining rules for ActOn resolution based on the score of each situation.
- Notifications - configure when and how to send an alert to users, via email or webhook, when a signal is triggered from the monitoring systems. Use customized templates to include the subject and body of an email and define policies to control the flow of notifications to the users.
- Schedules - display the status of a user, such as how long the user is on call, which group and shifts they are currently on call for, and when the next on-call will be.
- Escalation Policies - to automate situation assignment and connect services to individual users and/or schedules.
- Activity Logs - provide a comprehensive record of actions and events that are performed by users within the platform. These logs are essential for tracking user activities, and monitoring system events.
- Notification Logs - records that are generated when notification policy conditions are met according to the defined criteria and sent to users within the Resolution Intelligence Cloud.