Orange County NC Website
Browse       Search
Orange County August 8, 2024 <br />ASTRO 25 Managed Detection and Response 24-177976 / Cybersecurity Services <br />Solution Description <br /> <br />Use or disclosure of this proposal is subject to the restrictions on the cover page. <br />Motorola Solutions Confidential Restricted <br /> <br />Page 1-4 <br />Security Advisories <br />Security Advisories are messages initiated from the SOC that share information on active threats with <br />the Customer’s security teams. These advisories guide security teams on how to best take action <br />against a threat and tell them where they can find further information. <br />Information Sharing <br />The ActiveEye Portal includes several functions for sharing information. Automatic security alerts notify <br />pre-defined contacts of incidents, based on incident priority. Other information sharing functions <br />include: <br />• SOC Bulletins - Instructions from the Customer, or the SOC, that SOC analysts reference <br />when creating security cases. These can communicate short-term situations where a security <br />case may not be needed, such as during testing or maintenance windows. <br />• Customer Notebook - The SOC will use the Customer Notebook to document the Customer’s <br />environment and any specific network implementation details that will help the SOC investigate <br />security cases. <br />• Contact Procedures - Escalation procedures and instructions on who to contact if an incident <br />occurs. Contact procedures include instructions and procedures for specific security incident <br />levels. The SOC and the Customer will jointly manage contact procedures. <br />User Access <br />The ActiveEye Portal provides the ability to add, update, and remove user access. Every ActiveEye <br />user can save queries, customize reports, and set up daily email summaries. Users may be given <br />administrative access, allowing them to perform administrative tasks, such a s setting up new service <br />connectors, resetting passwords, and setting up multi-factor authentication for other users. <br />1.2.2 Service Modules <br />ActiveEye delivers service capability by integrating one or more service modules. These modules <br />provide ActiveEye analytics more information to correlate and a clearer vision of events on the <br />Customer’s network. In addition, modules enable security teams and analysts to more easily access <br />and compare data from these disparate systems. The following subsections describe each ActiveEye <br />service module in detail. <br />1.2.2.1 Log Collection / Analytics <br />The AERSS deployed in the Host’s system collects logs and other security information from applicable <br />servers, workstations, switches, routers, Network Detection, and firewalls. This information is forwarded <br />to the ActiveEye platform, which uses advanced analytics to identify signs of secu rity incidents. If it <br />identifies signs of a security incident, ActiveEye notifies the SOC for further analysis. <br />Collected events will be stored in the ActiveEye Security Management Platform to enable historical <br />searching or threat hunting as needed. Some high volume, repetitive logs may be aggregated as noted <br />in the documentation. The default s torage time period is one year, but no longer than 90 days, following <br />expiration or termination of the Agreement. A longer time period can be provided if subscribed, see <br />Table 1-2: Service Modules for subscription details. <br />Docusign Envelope ID: AD07CE02-1F94-4496-ABD0-D61F9CBE562C