
E. Roles and Responsibilities
General Assumptions
Data Consult is not responsible for managing and configuring the logging setup for each of the various data sources that are collecting logs and sending them to SIEM, but will advise the customer team on the best practices and procedures for applying the needed data source configuration.
Data Consult will optimize the configuration of the existing SIEM, SOAR and EDR solutions as per the scope of work in this proposal. The extent of the optimization and enablement of existing solutions and operations will depend on the functionalities and features in the designated systems.
Data Consult will provide the customer with 8x5 alert monitoring, triage, analysis and investigation services under this SOW via a team of remote security analysts based in our Security Operation Center in KSA.
The content packs (i.e., searches, reports and dashboards) for security monitoring and investigation will be implemented based on the availability of relevant data sources from the designated environment.
Note: The Management and Administration of the data sources/devices that are, or will be, sending logs to SIEM is not included in this service; however, the Data Consult team will advise the customer on the appropriate configuration of the data sources.
Data Consult Responsibilities:
Data Consult will configure the local SOAR solution within the designated monitored infrastructure. The capabilities of the SOAR solution and operations will depend on the functionalities allowed by the integration with the SIEM solution.
Data Consult will provide 8x5 Level 2 monitoring and security incident management.
Data Consult will provide well-streamlined and mature processes and procedures for SOC operations and incident management.
Data Consult will provide 8x5 Level 2 alerting and assistance for incident management to the customer.
Data Consult will provide regular scheduled reports on security operations posture, as per the scope explained in the deliverables section.
Data Consult will create specific business use cases and implement them in the SOC offered as per the SOW in this proposal.
Data Consult will provide proactive and reactive inputs to the customer for ensuring the best Cyber Security spectrum.
Throughout the engagement with the customer Department, Data Consult will ensure the confidentiality and integrity of the customer perceptiveness and properties.
Customer Responsibilities:
The customer will provide Data Consult with the required administrative interfaces for monitoring event streams and log collection activities of all in-scope components of security technology infrastructure, if required.
The customer team will be in charge of the solutions management, patching, health checks, backups, and other related security, performance and maintenance tasks on SOC solutions after deployment.
The customer will provide necessary action, assistance and support in the installation and configuration of necessary infrastructure, network components and assets to guarantee security, availability, and accessibility for the SOC Monitoring team's access to the designated monitored environment infrastructure to perform in-scope services.
The customer will inform Data Consult within three calendar days (72 hours) of any change in Point of Contact (POC) information for this service to perform SOC monitoring services in scope.
The customer agrees to work collaboratively with Data Consult in defining the various user groups and roles and related incident handling and response procedures.
The customer will inform Data Consult of any change within the security technology and/or IT environment that is relevant to the Service.
The customer will review the Monthly service reports and provide Data Consult with any relevant feedback or questions pertaining to the report.
The customer will configure data source instances (i.e., Firewalls, IDS/IPS devices, etc.) to collect logs and send the data to the SIEM.
The customer will provide the needed technical and human resources to achieve the desired integrations and connectivity between the existing SOC solutions and the remote SOC when enabled.
The customer will troubleshoot data sources that are not collecting the desired events/fields within the logs that the data sources are sending to SIEM. (For example: if a firewall is not logging all desired events, the customer is responsible for editing the logging policy/configuration settings for that specific firewall.)
The customer will identify and prioritize relevant data sources for the use case development based on the importance of the assets, associated business risks, and operational impact of potential attacks.
The customer will help Data Consult to coordinate with the appropriate data source owners within the Customer organization, as needed.