Orange County NC Website
Orange County August 8, 2024
ASTRO 25 Managed Detection and Response 24-177976/Cybersecurity Services

Security Advisories

Security Advisories are messages initiated from the SOC that share information on active threats with the Customer's security teams. These advisories guide security teams on how to best take action against a threat and tell them where they can find further information.

Information Sharing

The ActiveEye Portal includes several functions for sharing information. Automatic security alerts notify pre-defined contacts of incidents, based on incident priority. Other information sharing functions include:

• SOC Bulletins - Instructions from the Customer, or the SOC, that SOC analysts reference when creating security cases. These can communicate short-term situations where a security case may not be needed, such as during testing or maintenance windows.
• Customer Notebook - The SOC will use the Customer Notebook to document the Customer's environment and any specific network implementation details that will help the SOC investigate security cases.
• Contact Procedures - Escalation procedures and instructions on who to contact if an incident occurs. Contact procedures include instructions and procedures for specific security incident levels. The SOC and the Customer will jointly manage contact procedures.

User Access

The ActiveEye Portal provides the ability to add, update, and remove user access. Every ActiveEye user can save queries, customize reports, and set up daily email summaries. Users may be given administrative access, allowing them to perform administrative tasks, such as setting up new service connectors, resetting passwords, and setting up multi-factor authentication for other users.

1.2.2 Service Modules

ActiveEye delivers service capability by integrating one or more service modules. These modules provide ActiveEye analytics more information to correlate and a clearer vision of events on the Customer's network. In addition, modules enable security teams and analysts to more easily access and compare data from these disparate systems. The following subsections describe each ActiveEye service module in detail.

1.2.2.1 Log Collection / Analytics

The AERSS deployed in the Host's system collects logs and other security information from applicable servers, workstations, switches, routers, Network Detection, and firewalls. This information is forwarded to the ActiveEye platform, which uses advanced analytics to identify signs of security incidents. If it identifies signs of a security incident, ActiveEye notifies the SOC for further analysis.

Collected events will be stored in the ActiveEye Security Management Platform to enable historical searching or threat hunting as needed. Some high-volume, repetitive logs may be aggregated as noted in the documentation. The default storage time period is one year, but no longer than 90 days, following expiration or termination of the Agreement. A longer time period can be provided if subscribed; see Table 1-2: Service Modules for subscription details.

Solution Description
MOTOROLA SOLUTIONS
Use or disclosure of this proposal is subject to the restrictions on the cover page.
Motorola Solutions Confidential Restricted