Features and Functions
Monitoring: The OmniSOC will provide tier 1, 24x7x365 monitoring of security alerts and associated data feeds from member systems and networks. This monitoring will facilitate detection of potential threats to member networks that require additional research and investigation.
Preliminary Analysis: OmniSOC tier 1 staff will conduct a preliminary analysis of relevant events and triage those events based on the criticality/severity of the event, associated system, and/or service. The triage process will refer to member-provided information such as critical asset lists, potential business functional impact from the loss or disruption of service, criticality or confidentiality of information, time to recover service, and so on to prioritize actions.
Escalation: OmniSOC tier 1 staff will escalate events as appropriate to member incident response teams or OmniSOC tier 2 analysts. The escalation path will be based on pre-determined criteria. For example, known bad events or events that pose an immediate threat will be communicated directly to the member incident response team, with an optional escalation to OmniSOC tier 2 analysts. Other, less clearly defined events, such as abnormal-looking network traffic, potential attack traffic, or “never seen before” events, will be escalated to OmniSOC tier 2 for further analysis. This escalation, regardless of path, will follow pre-established methods such as call trees and incident ticket creation. Please consult the “Notify Member Incident Response Teams” and “Analyze Security Events” services for additional information.
This service is available 24x7x365.
Eligibility and Requirements
This advisory-level service is provided to all OmniSOC members as part of their annual membership fee.
Please note this service does not include monitoring and triage of the member institution’s local incident system ticket queue.