Features and Functions
Notify: Notifies member incident response teams of adverse events or incidents that may require additional investigation or action. The need for notification is determined based on a number of factors, including event analysis, triage, and pre-determined criteria. Notification will occur using pre-established methods such as phone call trees, emails, and direct incident ticket creation.
Provide Details: Provides the member with relevant details, including context, timeline, and scope, in notifications to facilitate the member team's interpretation and action. The type and quantity of details provided will vary based on the incident but will fall into four categories: basic (severity, category, indicators, IP addresses, etc.), contextual (correlation to other alerts, malware type, attacker method of operation, etc.), timeline (the entire event window, not just the time of the alert), and scope (whether the event was seen on other member networks, etc.).
This service is available 24x7x365.
Eligibility and Requirements
This advisory-level service is provided to all OmniSOC members as part of their annual membership fee.