Level 1: Monitoring and Escalation Only • Security Event Monitoring: Continuous (24/7/365) observation of log sources and telemetry to detect potential security events • Alert Triage: Initial review and prioritization of events based on severity, business impact, and urgency • Escalation and Notification: Timely notification of significant alerts to designated district personnel via agreed communication channels (e.g., email, SMS, phone, or ticketing system) Level 2: Monitoring + Limited Response Support Includes all Level 1 services, plus: • Advanced Log Analysis: Correlation of complex events across multiple platforms • Containment Support: Guidance or automation to isolate infected hosts • Coordination: Notification and context for exposed assets, including CVE tracking or patch advisories Level 3: Full Managed Detection & Response (MDR) Includes all Level 1 and 2 services, plus: • Proactive Threat Hunting: Manual or automated searching for signs of compromise or unusual behavior • Forensic Investigations: Support for incident analysis, data recovery, and root cause determination • Tailored Playbook Development: Custom response workflows aligned to district priorities Professional Services: Dedicated advisory, compliance reviews, or hands-on IR consulting
