Marble core features

• On premise self installation
• Create detection scenarios based on rules.
• Run those scenarios in batch or real-time to generate decisions.
• Investigate decisions in your own system or within Marble's case manager.
• Manage custom lists such as known users, VPN IPs, and keywords.
• Create any type of data model to feed into Marble.
• Multi-tenant DB

Released (overview)

• Rule engine: executes detection scenarios in batch or real-time.
  • Batch run: can be scheduled or run on-demand.
  • Real-time: triggered through an API.
• Data management: allows you to create your own data model for using Marble.
  • Data interface: set up and describe the objects you want to send to Marble.
  • Ingestion API: send any data to Marble.
• Rule builder: easily create detection scenarios using a user-friendly interface.
  • Create scenarios.
  • Create rules.
  • Score-weighted final decision.
  • Scenario versions parallel run
• Lists: create internal lists and keep them updated for use in rules.
• Case management: investigate decisions and create escalations.
  • View decisions.
  • Investigate a case.
• User management.

Planned on roadmap

• Backtest: check scenario efficiency on your past data before pushing to production
• Supervised Machine Learning: use previous results to create a custom ML detection model
• Advanced connectors for unstructured data: use documents, GPS points, images… in your rules.
  
  

High level roadmap

Opensource - self installation

• Docker for GCP
• Docker for AWS
• Docker for Azure
• Helm charts

Rule Engine :

• Realtime decision through API
• Scheduled batch decisions
• On-demand batch decisions

Rule builder

• Create and update a scenario
• Create and update lists
• No code rule creation
• Create Rules with group (OR) and conditions (AND)
• Associate a score weight with each rule
• Aggregate creation
  • Use aggregates to manage one to many relations and searchs
  • Duplicate agregates
  • Nest agregates
• Connectors
  • Boolean connectors (>,<,=,<>…)
  • [x]Round number identification
  • Text connectors (is in, is not in, contains, contains partially, starts with, end with)
  • Date connectors (before, within, extract hour from…)
  • Nesting (sub-calculation within a single rule line)
  • Previous results use (Has been flagged previously by)
  • Unstructured data connectors (document contains, distance between GPS points…)
  • Fuzzy text connectors (is close to…)
  • 3rd party API connectors
• Score based decision
• Supervised learning
  • ML model creation
  • ML model test
• Sanctions check
  • By API
  • Fully self-hosted

Data

• Define data model with objects and fields
  • Define Enums
  • Non-breaking update of data model
  • Breaking update of data model
• Ingestion API & batch ingestion
• List management (manual or CSV ingestion)
• Connectors for 3rd party API data retrieval

Audit

• Scenario, data and list versioning
• Rule snoozing auditability
• Front-accessible run logs

Case management

• Manage
  • Create inboxes
  • Create tags
  • Create users
• Case investigation
  • Create a case from a decision or from scratch
  • Associate multiple decisions to a case
  • Add commentary to a case
  • Add documents
  • View timeline
  • Group decisions in cases by user / account ...
  • View the environment of a case (linked users / transactions…)
  • Graph relationship
  • Set a reminder
• Case feedback to rule engine
• Workflows decision to case
• Case manager analytics

Analytics

• Scenario performance analytics
• Scenario A/B testing
• Backtest