Description of Services

1. Overview

SIEMphonic services are provided on a commercially reasonable basis by EventTracker staff through secure access to EventTracker-provided software running at the Customer’s premises or in one of EventTracker’s data centers. EventTracker staff shall be located at EventTracker’s Control Center (“ECC”).

2. Available SIEMphonic Service Offerings

Customer to indicate selected services on applicable work order or statement of work (SOW). EventTracker reserves the right to change the services being offered at any time, provided however that EventTracker will not stop delivery of a service during the term of an applicable work order or SOW.

  • RUN: Administrative maintenance of Customer’s EventTracker software; EventTracker staff assistance in ensuring optimal setup of EventTracker software
  • WATCH: Reviewing incidents, reports, dashboards, and behavior analysis on Customer’s EventTracker software, delivery of CORs, and forensic audit assistance
  • Professional Services: Custom, non-standard configuration or development under separate work order or SOW
  • 24/7 Monitoring, Escalation, and Notification
  • 24/7 Analytics and Forensics with remediation recommendations
  • EventTracker Vulnerability Assessment Service (ET-VAS)
  • EventTracker Intrusion Detection System (ET-IDS)
  • EventTracker HoneyNet (ET-HNET)
  • EventTracker NTOP NG (ET-NTOP): Network flow/packet capture and analysis

SIEMphonic services are intended to augment the operation of the EventTracker software by the Customer and are not intended to replace Customer’s interaction with the EventTracker software or other aspects of the Customer’s network security suite. These services require that EventTracker staff be granted remote access to administer and review servers running Customer’s instance of EventTracker-provided software.

2.1. RUN

Post-implementation services for the administrative maintenance of EventTracker-provided software including licensing updates, service pack installation, and basic configuration and tuning of filters, user profiles, standard reports, alerts, and dashboards.

2.2. WATCH

EventTracker staff will review incidents, reports, dashboards, and behavior analysis on Customer’s EventTracker software. Incidents and reports that are determined in prior consultation with Customer to merit escalation to Customer’s IT staff will be shared through a Critical Observations Report Summary. Monthly Executive Summary reviews will include a direct feedback session with Customer whenever possible. Customer shall provide ongoing guidance for potential security, regulatory, and compliance issues, including summary and relevant detailed analysis of:

  • Threats
  • Privileged User Monitoring
  • Changes to Identity and Access Policies
  • Identity/Role Context in User Activity Monitoring Reports
  • Change Management Reports to Identify Resource Access Exceptions
  • Data Access
  • Application Activity
  • Behavior Analysis and Threat Intelligence
  • System Resources

24/7 Monitoring (when contracted)

For priority alerts generated by the EventTracker software and received at the EventTracker Control Center, our staff will remotely escalate and notify Customer.

Service Delivery of Critical Observations Options

  • Weekly – On a scheduled day every week. Schedule will be pre-agreed during service initiation. In case of U.S. holidays, service will be delivered the working day prior to the holiday. EventTracker will perform review and analysis of the alerts, incidents, and logs for the previous seven (7) calendar days.
  • Daily 7 – Monday through Sunday, all calendar days of the year. EventTracker will perform review and analysis of alerts, incidents, and logs for the previous one (1) calendar day.
  • 24/7 – Monday through Sunday, all calendar days of the year, 24 hours per day, 7 days per week. EventTracker will perform forensic review and analysis to include remediation recommendations beginning within the 4-hour Service Level Objective.

2.3. T&M Services for Custom, Non-Standard Configurations

Under a separate work order or SOW, EventTracker will work with Customer to create custom configurations for Behavior Analysis, Correlation Rules, Threat Intelligence Feeds, Categories, Dashboards/Dashlets, and Alerts.

2.4. 24/7 Analytics

EventTracker will analyze data resident in Customer’s instance of EventTracker-provided software and conduct forensic analysis to attempt to identify indications of compromise, which may result in remediation recommendation(s) for the alerts observed, beginning within the 4-hour Service Level Objective.

2.5. EventTracker Vulnerability Assessment Service (ET-VAS)

EventTracker and Customer will mutually identify and group assets in Customer’s environment for vulnerability scanning and attempt to detect vulnerabilities in the target assets. Scanning schedule to be determined in the applicable work order or SOW.

Customer agrees that this capability may require a software appliance to be installed on its network with secure remote access to be provided to EventTracker Control Center staff.

2.6. EventTracker Intrusion Detection System (ET-IDS)

EventTracker will work with Customer to have Snort (Community Edition) installed on Customer’s network as a virtual appliance. Customer agrees that this capability will require a software appliance to be installed on its network with secure remote access to be provided to EventTracker Control Center staff.

2.7. EventTracker HoneyNet (ET-HNET)

EventTracker and Customer will mutually identify locations to configure honeypots in the Customer’s internal and public-facing network as part of a deception strategy. Customer agrees that this capability will require a software appliance to be installed on its network with secure remote access to be provided to EventTracker Control Center staff.

2.8. EventTracker NTOP NG (ET-NTOP)

EventTracker will work with Customer to implement, maintain, and analyze network flow and/or packet capture data to augment security operations. Customer agrees that this capability will require a software appliance to be installed on its network with secure remote access to be provided to EventTracker Control Center staff.

3. Support

You may contact the EventTracker Control Center via e-mail at ecc@eventtracker.com or call us at 877 333 1433 x3. You may get updates at http://www.eventtracker.com. EventTracker reserves the right to modify this document and the content described herein without notice.