mSIEM Enhanced

Are you able to respond to alarms and conduct security investigations, but occasionally need another set of expert eyes to make an assessment? With our Enhanced service, we take care of the platform 24x7 while you focus on security, but we back you up with highly skilled analysts who can help you work through complex incidents. And we meet with you quarterly for a more holistic review of the platform and configuration.

mSIEM Enhanced builds directly on mSIEM Essentials: it contains everything mSIEM Essentials does and adds a layer of investigation. The client still works the alarms, but can escalate and/or route alarms they do not understand to our SOC for validation and corroboration. This scenario is a good fit for shops with staff dedicated to alarm monitoring. Castra Consulting has likely seen the alarm before and/or has an innate understanding of how the alarm was generated, and can walk the client through the investigation process, then assist with next-action considerations. Next actions could include tuning, filtering, or rewriting the alarm, or validating it.

mSIEM Enhanced includes the following services:

Customized Threat Detection
• Expert assistance on new service deployment from Security Operations Team
• Intensive analysis of customer needs and network environment
• Custom configuration of AlienVault platform
• Vulnerability assessment scan tuning
• Correlation optimization and alarm tuning assistance

Recurring Performance Reviews
• Scheduled teleconferences with Security Operations Team covering:
◦ Alarm review and noise reduction
◦ Capacity planning
◦ Risk posture adjustments
◦ Report customization

Ongoing Health Monitoring
• 24×7 monitoring of appliance health by Security Operations Team
• Cloud-based platform continuously monitors:
◦ Hardware and software stats
◦ Event flow rates
◦ Capacity and performance information
• Proactive tuning and customer notification upon problem detection

Alarm Review
• Customer may escalate alarms for expert analysis
• Response and recommendations within 3 business days
• Advanced alarm response and forensics available for additional fees on a per-incident basis
