Requests
Custom Detection Content
Overview
This request type is designed for users who need to create or modify detection rules within their Security Information and Event Management (SIEM) system or other security monitoring tools. Custom detection content allows you to tailor threat detection capabilities to your specific environment, ensuring that unique threats are identified and managed effectively.
Steps:
- Define the Need: Before submitting the request, clearly define the specific behavior or threat you want to detect. This might include unusual network traffic, specific file changes, or user behavior anomalies.
- Submit Request: Use the form to submit your request. Include detailed information such as the type of activity to be detected, any relevant data sources, and specific parameters that should trigger the detection.
- Collaboration: Once submitted, our team may contact you for additional details or clarification to ensure the detection content is tailored accurately.
- Implementation: Our security engineers will create or adjust the detection content as specified. This may include writing custom scripts, configuring rules within the SIEM, or integrating new data sources.
- Testing and Validation: After the detection content is created, it will be tested in a controlled environment to ensure it functions as intended without false positives.
- Deployment: The final detection content will be deployed to your production environment, with ongoing monitoring to fine-tune its effectiveness.
Prerequisites:
- Understanding of the specific threat or behavior to be detected.
- Access to necessary data sources and log files.
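The following is an added illustration of what a small piece of custom detection content looks like and how the "Testing and Validation" step exercises it; it is not the service's own rule format or code. It assumes a simple space-separated authentication log (timestamp, user, source IP, outcome), a threshold of five failures within one minute, and constructed sample events in which one user shows a burst of failures and another shows only sporadic ones that should not fire.

```python
"""Threshold-style detection rule run over constructed sample authentication events.
Added example; the log format, field names and threshold are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: timestamp, user, source IP, outcome. Not real data.
# "alice" fails five times in eight seconds (should alert);
# "bob" fails five times spread over twenty minutes (should not alert).
SAMPLE_EVENTS = """
2024-05-01T10:00:01Z alice 10.0.0.5 failure
2024-05-01T10:00:03Z alice 10.0.0.5 failure
2024-05-01T10:00:04Z alice 10.0.0.5 failure
2024-05-01T10:00:06Z alice 10.0.0.5 failure
2024-05-01T10:00:08Z alice 10.0.0.5 failure
2024-05-01T10:00:09Z alice 10.0.0.5 success
2024-05-01T10:05:00Z bob 10.0.0.9 failure
2024-05-01T10:09:00Z bob 10.0.0.9 failure
2024-05-01T10:15:00Z bob 10.0.0.9 failure
2024-05-01T10:21:00Z bob 10.0.0.9 failure
2024-05-01T10:27:00Z bob 10.0.0.9 failure
2024-05-01T10:28:00Z bob 10.0.0.9 success
""".strip().splitlines()


def parse_event(line):
    """Parse one assumed-format log line into a dict with a datetime timestamp."""
    ts, user, src, outcome = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "src": src,
        "outcome": outcome,
    }


def detect_failed_logins(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert when one user accumulates >= threshold failures inside a sliding window.

    Events are assumed to arrive in time order. Only the first crossing per user
    produces an alert, so a long burst does not turn into an alert storm.
    Returns a list of alert dicts (empty when nothing fires).
    """
    recent = defaultdict(deque)   # user -> timestamps of failures inside the window
    alerted = set()
    alerts = []
    for event in (parse_event(line) for line in lines):
        if event["outcome"] != "failure":
            continue
        q = recent[event["user"]]
        q.append(event["ts"])
        # Drop failures that have aged out of the window.
        while q and event["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and event["user"] not in alerted:
            alerted.add(event["user"])
            alerts.append({
                "user": event["user"],
                "src": event["src"],
                "count": len(q),
                "at": event["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_failed_logins(SAMPLE_EVENTS):
        print(alert)
```

The second sample user is the validation case: a rule that counted failures without a time window would flag "bob" as well, which is the kind of false positive the testing step is meant to catch before deployment. Tuning the `threshold` and `window` parameters against representative benign traffic is what "fine-tuning effectiveness" means in practice.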
Onboard Log Sources
Overview
Onboarding log sources involves integrating new data feeds into your security monitoring system. This is essential for expanding your monitoring capabilities as new assets are added to your environment, such as servers, applications, or network devices. More detailed information can be found in the Introduction to Log Onboarding.
Steps:
- Asset Identification: Identify the new assets that require monitoring. This could include servers, workstations, firewalls, or other network devices.
- Submit Request: Use the form to initiate the log source onboarding process. Provide detailed information about the assets, including IP addresses, system roles, and any specific logging requirements.
- Configuration Assistance: Our team will work with you to configure the log sources. This might involve setting up log forwarding, installing agents, or configuring devices to send logs to the SIEM.
- Verification: Once the log sources are configured, we will verify that logs are being received correctly and are properly parsed by the SIEM or other monitoring tools.
- Documentation: We will document the log sources and their configuration for future reference and troubleshooting.
Prerequisites:
- Access to the assets that need to be monitored.
- Administrative privileges to configure logging on those assets.
Sweep for IOCs (Indicators of Compromise)
Overview
A sweep for IOCs is a focused search within your environment for known malicious artifacts, such as file hashes, IP addresses, or domain names associated with cyber threats. This is often done in response to an identified threat or as part of a proactive threat-hunting effort.
Steps:
- Gather IOCs: Before submitting the request, collect the IOCs you wish to search for. These might include IP addresses, domain names, file hashes, or other indicators.
- Submit Request: Use the form to submit your sweep request. Include the IOCs as comma-separated values, along with any specific systems or logs you want to search.
- Execution: Our team will execute the sweep using the provided IOCs. This may involve querying logs, scanning file systems, or other investigative techniques.
- Analysis and Reporting: We will analyze the results of the sweep, identifying any matches and assessing the potential impact. A report will be provided detailing the findings and recommended actions.
- Follow-Up Actions: Based on the findings, additional steps may be required, such as isolating compromised systems, removing malicious files, or further investigation.
Prerequisites:
- A clear understanding of the IOCs and their relevance to your environment.
- Specific systems or logs to be targeted in the sweep.
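As an added illustration of the sweep itself (not the service's own tooling), the code below takes the comma-separated IOC field from the request form, classifies each value as an IP address, file hash or domain, and searches constructed sample log lines for matches. The sample indicators use documentation-reserved addresses and names (192.0.2.0/24, the .example TLD) and a placeholder hash; the log line formats are assumptions. Domains are matched so that subdomains of a listed indicator also hit, since that is usually what a requester means.

```python
"""Classify a comma-separated IOC list and sweep sample log lines for matches.
Added example; indicators, log formats and matching rules are assumptions."""
import ipaddress
import re

# MD5 (32), SHA-1 (40) or SHA-256 (64) hex digests.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$")
# Tokens as they appear in logs: hostnames, IPv4 addresses, hashes. ':' is excluded
# so "192.0.2.10:443" splits into address and port (IPv6 is out of scope here).
TOKEN_RE = re.compile(r"[A-Za-z0-9.\-]+")

# Constructed IOC field exactly as a requester might paste it into the form.
SAMPLE_IOCS = (
    "192.0.2.10, update-service.example, "
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08, not an ioc"
)
# Placeholder hash above is the SHA-256 of the string "test", not a real artifact.

# Constructed sample log lines from DNS, proxy and endpoint sources. Not real data.
SAMPLE_LOGS = [
    "2024-05-01T09:12:44Z dns client=10.0.0.5 query=cdn.update-service.example type=A",
    "2024-05-01T09:13:01Z proxy client=10.0.0.5 dest=192.0.2.10 "
    "url=http://cdn.update-service.example/a.bin status=200",
    "2024-05-01T09:13:02Z edr host=ws-17 file=C:\\Users\\x\\a.bin "
    "sha256=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
    "2024-05-01T09:20:00Z dns client=10.0.0.7 query=update-service.example.net type=A",
    "2024-05-01T09:21:00Z proxy client=10.0.0.7 dest=192.0.2.11 url=http://www.example.net/ status=200",
]


def parse_iocs(csv_text):
    """Split the IOC field, normalise each value and bucket it by type.

    Values that fit no type land in 'unknown' so the requester can be asked to
    correct them instead of having them silently dropped from the sweep.
    """
    iocs = {"ip": set(), "hash": set(), "domain": set(), "unknown": set()}
    for raw in csv_text.split(","):
        token = raw.strip().lower().rstrip(".")
        if not token:
            continue
        try:
            ipaddress.ip_address(token)
            iocs["ip"].add(token)
            continue
        except ValueError:
            pass
        if HASH_RE.match(token):
            iocs["hash"].add(token)
        elif DOMAIN_RE.match(token):
            iocs["domain"].add(token)
        else:
            iocs["unknown"].add(token)
    return iocs


def sweep(lines, iocs):
    """Return (line_no, ioc_type, indicator, token_as_seen) for every match."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for seen in TOKEN_RE.findall(line):
            tok = seen.lower().rstrip(".")
            if tok in iocs["ip"]:
                hits.append((line_no, "ip", tok, seen))
            elif tok in iocs["hash"]:
                hits.append((line_no, "hash", tok, seen))
            else:
                # Exact domain or any subdomain of it; "x.example.net" must not
                # match the indicator "example" just because the text overlaps.
                for domain in iocs["domain"]:
                    if tok == domain or tok.endswith("." + domain):
                        hits.append((line_no, "domain", domain, seen))
                        break
    return hits


if __name__ == "__main__":
    parsed = parse_iocs(SAMPLE_IOCS)
    print("unclassified values:", parsed["unknown"])
    for hit in sweep(SAMPLE_LOGS, parsed):
        print(hit)
```

Two details matter for the reporting step: hashes are compared case-insensitively because EDR and sandbox tools disagree on case, and the fourth sample line shows that a similar-looking name on a different TLD is correctly not reported as a match.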
Live Query
Overview
Live Query allows you to execute real-time queries against your SIEM or other log management systems to retrieve up-to-date information on security events. This is useful for ad-hoc investigations or when you need immediate insights into ongoing incidents.
Steps:
- Determine Query Requirements: Identify the specific data you need. This could include log entries, security events, or system states.
- Submit Query: Use the form to submit your query. If you need a predefined query, choose from the available options. For custom queries, provide detailed parameters or contact us directly for assistance.
- Execution: Our system will execute the query against the relevant data sources. This is typically done in near real-time to provide the most current information available.
- Results: You will receive the query results, which may include raw logs, summarized data, or visual reports depending on the query type.
- Further Analysis: If the query results require further analysis, you can request additional assistance or follow-up queries.
Prerequisites:
- Knowledge of the specific data or events you are querying.
- Access to the SIEM or relevant log management system.
Request a New Account
Overview
This request type is for adding new users to your security monitoring system or related tools. It ensures that team members have the necessary access to perform their roles, following your organization’s security policies.
Steps:
- Authorization: Ensure you have the necessary authorization to request a new account. This typically requires approval from management or IT administration.
- Submit Request: Complete the form with the new user’s details, including their role, required access levels, and any specific permissions needed.
- Review and Approval: Our team will review the request to ensure compliance with your organization’s policies and security requirements.
- Account Creation: The new account will be created, and the user will be granted the specified access.
- Confirmation: You will receive confirmation once the account is set up, along with any credentials or instructions for the new user.
Prerequisites:
- Authorization to request new accounts.
- Detailed information about the new user and their role.
Support Request
Overview
The support request form is your go-to for any miscellaneous inquiries or assistance not covered by other request types. Whether you need help troubleshooting an issue, advice on security best practices, or answers to technical questions, this form connects you with our support team.
Steps:
- Identify the Issue: Clearly define the problem or inquiry you need assistance with.
- Submit Request: Use the form to describe your issue or question. Provide as much detail as possible, including any relevant error messages, steps taken, and desired outcome.
- Initial Response: Our support team will review your request and respond with initial guidance or follow-up questions if more information is needed.
- Resolution: We will work with you to resolve the issue or provide the necessary support. This may involve remote assistance, troubleshooting, or providing additional resources.
- Follow-Up: After the issue is resolved, we may follow up to ensure everything is functioning correctly and to address any remaining questions.
Prerequisites:
- Detailed description of the issue or inquiry.
- Availability to assist with troubleshooting if required.