Features and Functions

Notify: Notifies member incident response teams of adverse events or incidents that may require additional investigation or action. The need for notification is determined by a number of factors, including event analysis, triage, and pre-determined criteria. Notification will occur using pre-established methods such as phone call trees, emails, and direct incident ticket creation.

Provide Details: Provides the member with relevant details, including context, timeline, and scope, in notifications to help the member team interpret and act on them. The type and quantity of details provided will vary based on the incident but will fall into four categories: basic (severity, category, indicators, IP addresses, etc.), contextual (correlation to other alerts, malware type, attacker method of operation, etc.), timeline (the entire event window, not just the time of the alert), and scope (whether the event was seen on other member networks, etc.).

Availability

This service is available 24x7x365.

Eligibility and Requirements

This advisory-level service is provided to all OmniSOC members as part of their annual membership fee.