mSIEM Enhanced plays directly off mSIEM Essentials, thus contains everything mSIEM Essentials does, yet adds a layer of investigation. The client is still working the alarms, but can escalate and/or route alarms they do not understand to our SOC for validation and corroboration. This particular scenario is good for shops with dedicated staff to alarm monitoring. Castra Consulting has likely seen the alarm before, and/or has innate understanding of how the alarm was generated and can walk the client through the investigation process, then assist with next action considerations - next actions could include tuning/filtering/rewriting or validation of the alarm.
All elements of mSIEM Essentials plus:
• Customer may escalate alarms for expert analysis
• Response and recommendations within 3 business days
• Advanced alarm response and forensics available for additional fees on a per-incident basis