Features and Functions

Escalation: Takes ownership of cases escalated from OmniSOC tier 1 staff that require additional analysis. Determines what, if any, further action is necessary.

In-depth Analysis: Identifies and investigates suspicious or anomalous activity in security alerts and associated data feeds from member systems and networks to determine whether a potential incident occurred. Reviews and analyzes network or system events for attack signs (precursors or indicators). Collects, correlates, and analyzes relevant data to determine an incident’s impact and severity. Determines what actually happened based on analysis, to validate or refute the potential incident.

Collaborate and Coordinate: Collaborates with tier 1 analysts and member security and incident response teams to assess full scope, impact, and severity in response to adverse events. Coordinates with other OmniSOC analysts and member security and incident response teams to ensure appropriate response to incidents.

Automation: Automates analysis using custom signatures and dashboards to streamline the handling of similar events in the future.

Availability

This service is typically available during normal business hours, Monday through Friday. However, OmniSOC tier 2 analysts are on call 24x7x365 and will respond after hours as necessary.

Eligibility and Requirements

This advisory-level service is provided to all OmniSOC members as part of their annual membership fee.