Maintenance Policy
Managed Detection and Response
Our optimisation services consist of advisory services related to:
Includes everything in Essential, and:
1.2.1 Threat Intelligence Integration
Maintenance Policy
1 Policy overview
As part of our MDR service offering, we include a Maintenance Policy that ensures our
customers keep up with the changing threat landscape and a focus on continuous service
quality improvement.
1.1 Essential Maintenance
Comprises of two (2) services:
1.1.1 Tuning
Our tuning services consist of the following:
- Maintenance of baseline detection rules
- Maintenance of parsers for log and data sources
- Maintenance of CSIS custom detection rules
- Tuning of false positives of events to reduce noise
Our optimisation services consist of advisory services related to:
- Log source health monitoring (“Heartbeat”)
- Reducing or optimising storage space used in cloud services (e.g., Azure)
- Event and device auditing verbosity and exclusion (what and how much is ingested)
- Data retention length (e.g., for hot-use, cold storage, regulatory requirements)
Includes everything in Essential, and:
1.2.1 Threat Intelligence Integration
- Our Essential Cyber Defence Feed is a threat intelligence feed focused on malicious
- C2 indicators (IP addresses and domains), including individual use cases developed
- for the monitorisation of applicable log sources. For details on our Cyber Defence
- Feed, please refer to https://csis.com/cti_cyber-defence-feed/
- Customer requests and ad-hoc Engineering services
- This is assessed and approved on a project basis.
1.3 Not included in our Maintenance Policy
1.3.1 Customer requests and ad-hoc services
Such as:
Parser/normaliser changes (add, modify, remove)
Assistance with automation (i.e., automatic handling of specific alerts by playbooks)
Changes or modifications of underlying SIEM platform technologies, e.g.: