1. Service Scope & Coverage

1.1 Security Operations Center (SOC)
• The service must be fully managed with continuous 24/7 monitoring.
• The SOC must have operations within the United States.
• The provider must maintain SOC 2 Type II compliance.

1.2 Managed Detection and Response (MDR)
• The MDR service must integrate with SentinelOne.
• Proactive threat hunting must be included as part of the service.
• The MDR solution must support:
  o On-premises infrastructure
  o Cloud environments, including Azure networks and workloads
  o Microsoft 365

1.3 Security Information and Event Management (SIEM)
• The provider should offer a SIEM solution or an equivalent log management platform.
• The SIEM must support log collection and correlation from both on-premises and cloud sources.

2. Implementation and Tuning Process

2.1 Onboarding Process
• Describe the step-by-step process for onboarding a new customer, including initial assessments, customization, and optimization of the solution.

2.2 Configuration and Setup
• Provide details on the configuration and setup process, including any required hardware, software, and network configurations.

2.3 Training and Support
• Outline the training and support provided during the implementation phase to ensure a smooth transition.

3. Threat Detection & Incident Response

3.1 Threat Intelligence & Correlation
• The provider must have integrated threat intelligence feeds and must disclose their sources (e.g., commercial, government, open-source, proprietary).
• The service must use AI/ML-based anomaly detection for advanced threat correlation.

3.2 Incident Response & Remediation
• The service must include containment and remediation capabilities.
• Incident Response Playbook: Describe the methodology for developing, updating, and validating the incident response playbook.
• Testing and Review: Outline the testing and review processes used to ensure the playbook's effectiveness.