
Essential SIEM – Log Source Enablement

    Service Overview

    Providing a client with custom log sources and detection use cases beyond what DeepSeas currently supports.

    Objectives

    Working together with the client, DeepSeas will:

    • Ingest the new source into the platform
    • Validate and troubleshoot any parsing issues
    • Analyze the data for detection use cases
    • Implement and test those use cases
    • Build SOPs for SOC analyst response to the alerts generated

    Methodology

    The process will include the following steps:

    • DeepSeas will investigate and determine the ingestion path for the log source, and provide the client with instructions on what needs to be done on the client side and what information needs to be provided back to DeepSeas, such as credentials or secrets.
    • The client will provide that information; DeepSeas will implement the ingestion and confirm to the client that the data is being ingested.
    • The DeepSeas Threat Detection Engineering team will then analyze the data and determine the appropriate detection use cases to develop.
    • The use cases will be implemented, tested and documented by the Threat Detection Engineering team.
    • The SOC will create its SOPs based on the testing conducted.
    • The resulting information will be provided to the client once completed.

    Deliverables

    Upon completion, the client will be provided with documentation of the detection use cases, covering:

    • Names
    • Brief description
    • MITRE ATT&CK framework tactic and technique
    • The data table being populated with the new data

    Service Assumptions

    The log sources have a parser that has already been created by Devo.

    Client Responsibilities

    The client will be responsible for:

    • Providing any credentials or secrets needed for the ingestion
    • Being available for calls to troubleshoot the ingestion of the new source

    DeepSeas Responsibilities

    DeepSeas will:

    • Provide the client with the instructions needed to ingest the new sources
    • Troubleshoot the parsing
    • Analyze the data to determine detection use cases
    • Implement and test those use cases
    • Develop SOPs for the SOC team
    • Document the detection use cases