FAQs
Your questions, answered
Resolution Intelligence Cloud
Is the platform a SIEM, SOAR, or XDR?
Resolution Intelligence Cloud is a new way to manage security and digital ops. It's a data analytics platform for security and digital ops data at scale that uses an open architecture, so it plays well with other security and ops tools you have.
And it has the scale and speed of Google Chronicle SIEM built in. Furthermore, it integrates with Google Chronicle SOAR (formerly Siemplify) as well as other SOARs and ITSMs like ServiceNow and Jira.
XDR (Extended Detection and Response) is a category with a variety of definitions. It's often viewed as the next generation of EDR (Endpoint Detection and Response), offering integrations and analytics on top of EDR alerts. Resolution Intelligence Cloud can ingest XDR and EDR data.
Resolution Intelligence Cloud takes a different approach, boosting both SOC and NOC effectiveness. It ingests all security and digital operations telemetry without extra cost, runs advanced data analytics to correlate data points, and detects patterns over time, in real time. It provides situational awareness and context beyond what EDRs or XDRs capture, and it automates Level-1 and Level-2 tasks.
What does the platform add to Chronicle?
Resolution Intelligence Cloud uses Google Chronicle as its infinitely scalable, super-fast security data lake. You get all the functionality of Chronicle, and Resolution Intelligence Cloud adds important features for enterprises and service providers: multi-level multitenancy, rule and parser packs, rule and parser management, real-time dashboards, data analytics, machine learning, automation, situational awareness, ActOns, collaboration war rooms, and more. For more info, see the Resolution Intelligence Cloud platform page.
Resolution Intelligence Cloud ingests operations data as well and correlates it with your security data, so security and digital ops teams have a common operational view as well as a single place to collaborate.
What is Foundation?
Foundation is short for Resolution Intelligence Cloud's Foundation for Google Chronicle, our entry-level subscription plan.
Foundation for Google Chronicle jumpstarts Chronicle for security data ingestion, storage, and search at Google speed and scale. It operationalizes Chronicle with multi-level multitenancy, role-based access control, Netenrich threat intelligence, parser and rule packs, content management, real-time dashboards and reports, and more. Netenrich provides implementation services, a customer success manager, and customer support to ensure your success.
Working with Netenrich
Can I buy Chronicle licenses through Netenrich? What if I already have a license?
Yes, when you buy Resolution Intelligence Cloud, you can buy Chronicle licenses through Netenrich. If you already have one or more Chronicle licenses, that's fine too. Contact us to discuss your situation.
Does Netenrich sell through partners or direct?
We sell Resolution Intelligence Cloud primarily through our trusted partners. Learn about our partner program.
Occasionally we sell directly to enterprises that need a service-provider platform. Please contact us.
How does Netenrich work with partners?
Netenrich partners with MSPs and MSSPs who use Resolution Intelligence Cloud to provide managed secure operations to their customers. Learn more about partnering with Netenrich.
Data & Analytics
How does the platform ingest security data?
Resolution Intelligence Cloud collects data through Google Chronicle data forwarders and APIs. This covers almost 98% of security detection tools and telemetry. If you need another integration, Netenrich can help with custom parsers.
How does the platform ingest IT ops data?
Resolution Intelligence Cloud collects IT operations data using native integration to monitoring tools and APIs. More than 2,500 integrations are supported.
What analytics does the platform run?
Resolution Intelligence brings together multiple analytical products in one platform for a continuously evolving infrastructure and threat landscape:
Anomaly-based analytics on users, entities, and activities to identify patterns of risky behavior.
Open-ended signal analytics to enable a wide range of security use cases: data and detection coverage analysis, malware spread analysis, measuring detection rule efficacy, and more.
Attack path analytics to identify the entire attack story across historical data.
Features
What is an ActOn?
An ActOn is like an incident. It's a situation that may cause, or has already caused, a negative impact on confidentiality, integrity, and/or availability, plus the situational awareness needed to quickly determine the appropriate response.
ActOns gather, prioritize, and present curated, contextual data – like related alerts, events, asset and user data, evidence, and more. Each ActOn has a quantified risk score (based on likelihood, impact, and confidence), so analysts know where to focus first.
ActOns increase efficiency and effectiveness with the contextual information that analysts need at their fingertips.
How does the platform quantify risk?
For each ActOn, Resolution Intelligence Cloud quantifies a single risk score by determining Likelihood (connects what happened with how), Impact (measures potential impact on customers, business, and information), and Confidence (measures the prevalence of a signal in the context of the environment: is this a true positive?). The platform combines these values into a single risk score and presents the evidence as part of the ActOn.
Risk scores are based on extensive correlation and data across security and operations.
Integrations
Does Resolution Intelligence integrate with SOAR?
Resolution Intelligence Cloud integrates with Google Chronicle SOAR (formerly Siemplify). In addition, Resolution Intelligence Cloud provides collaboration and automation that support some case management functionality. See platform plans and pricing.
What external threat intelligence does Resolution Intelligence Cloud support?
Resolution Intelligence Cloud supports STIX standards and can ingest any external threat intel sources. The platform comes integrated with two threat intel sources: VirusTotal and Netenrich external threat intelligence including Knowledge Now, aka KNOW.
More
What are "actionable insights"?
Actionable insights are conclusions drawn from data that can be turned directly into an action or a response. Resolution Intelligence Cloud generates actionable insights from big data – your security and ops data – and presents them as ActOns.
Data can paint a picture of what happened. But it’s the related data — situational awareness — that explains why it happened, which is often what makes an insight actionable and accelerates appropriate response.
How can I see Resolution Intelligence Cloud in action?
We'd be delighted to show it to you. Reach out to set up a demo.