Threat Hunting Assessment
Service Overview
Secureworks will perform a Threat Hunting Assessment in your environment, reviewing the evidence retained by endpoint sensors, network sensors, and log stores to identify indicators and behaviors of compromise. The activities performed may include, but are not limited to, the following:
- Digital media handling guidance and support
- Deployment support for host-based, network-based, and log analysis technologies
- Threat hunting analysis (host-based, network-based, malicious code, logs, and threat intelligence) for on-premises and cloud infrastructure
Service Methodology
Prior to the Threat Hunting Assessment, Secureworks will provide you with a questionnaire to complete. We will work with you to identify the data sources the assessment requires, determine which of them are already available, and construct a plan to obtain the rest.
Secureworks will deploy endpoint and network sensors, as appropriate, in your environment to assess the environment as follows:
- Endpoint Sensor: Search and inspect in-scope systems for threat indicators and threat behaviors. Based on the results, each endpoint is categorized as confirmed-compromised, exhibiting suspicious threat indicators, or exhibiting no known threat indicators.
- Log Data: Search and inspect log data from key technical elements within your network for entries that may be indicative of threat actor activity.
- Network Sensor: Search and inspect in-scope network sensors for threat indicators and threat behaviors. Based on the results, network traffic is categorized as confirmed-compromised, exhibiting suspicious threat indicators, or exhibiting no known threat indicators.
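The three categories above are the output of a triage step: a hit on a known-bad indicator (a file hash or a command-and-control destination from threat intelligence) is treated as confirmed, a behavioral match alone (an Office application spawning a shell, an encoded PowerShell command line, a fixed-interval "beacon" to an external host) is treated as suspicious, and a host with neither is left as showing no known indicators. The following Python sketch shows that logic over constructed sensor records; it is an added example for this page and is not Secureworks' tooling or methodology, and every indicator value, rule threshold, hostname and event in it is made up for the example.

```python
import statistics
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Category labels as used in the assessment description.
CONFIRMED = "confirmed-compromised"
SUSPICIOUS = "exhibiting suspicious threat indicators"
CLEAN = "exhibiting no known threat indicators"
RANK = {CLEAN: 0, SUSPICIOUS: 1, CONFIRMED: 2}

# Constructed threat-intelligence set for the example (not real indicators).
INTEL = {
    "sha256": {"11" * 32},                          # one "known-bad" file hash
    "c2_domains": {"update-check.example-c2.invalid"},
}

# Constructed behavioral rules: Office app -> shell, encoded PowerShell.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
ENC_FLAGS = {"-e", "-ec", "-en", "-enc", "-encodedcommand"}


@dataclass
class ProcessEvent:          # one endpoint-sensor process record
    host: str
    parent: str              # parent image name, lower-case
    image: str               # process image name, lower-case
    cmdline: str
    sha256: str


@dataclass
class FlowRecord:            # one network-sensor summary: host -> destination
    host: str
    dst: str                 # destination hostname or IP
    timestamps: List[int]    # epoch seconds of each outbound connection


def process_findings(ev: ProcessEvent, intel=INTEL) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one process event."""
    out = []
    if ev.sha256 in intel["sha256"]:                 # IOC hit -> confirmed
        out.append((CONFIRMED, f"known-bad hash {ev.sha256[:12]}..."))
    if ev.parent in OFFICE_APPS and ev.image in SHELLS:
        out.append((SUSPICIOUS, f"{ev.parent} spawned {ev.image}"))
    tokens = ev.cmdline.lower().split()
    if ev.image == "powershell.exe" and any(t in ENC_FLAGS for t in tokens):
        out.append((SUSPICIOUS, "encoded PowerShell command line"))
    return out


def flow_findings(fl: FlowRecord, intel=INTEL, min_conns=6,
                  max_jitter=0.1) -> List[Tuple[str, str]]:
    """Return (severity, reason) pairs for one host/destination flow summary."""
    out = []
    if fl.dst in intel["c2_domains"]:                # IOC hit -> confirmed
        out.append((CONFIRMED, f"connection to known C2 {fl.dst}"))
    ts = sorted(fl.timestamps)
    if len(ts) >= min_conns:
        # Beacon heuristic: many connections whose spacing barely varies.
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            out.append((SUSPICIOUS, f"beacon-like cadence to {fl.dst} (~{mean:.0f}s)"))
    return out


def categorize(events: Iterable[ProcessEvent], flows: Iterable[FlowRecord],
               intel=INTEL) -> Dict[str, Tuple[str, List[str]]]:
    """Map every observed host to (category, reasons); the worst finding wins."""
    events, flows = list(events), list(flows)
    hosts: Dict[str, Tuple[str, List[str]]] = {}
    for h in {e.host for e in events} | {f.host for f in flows}:
        hosts[h] = (CLEAN, [])                       # default until a finding lands

    def note(host: str, sev: str, reason: str) -> None:
        cat, reasons = hosts[host]
        hosts[host] = (sev if RANK[sev] > RANK[cat] else cat, reasons + [reason])

    for ev in events:
        for sev, reason in process_findings(ev, intel):
            note(ev.host, sev, reason)
    for fl in flows:
        for sev, reason in flow_findings(fl, intel):
            note(fl.host, sev, reason)
    return hosts


# Constructed sample sensor output for five hosts (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", "explorer.exe", "chrome.exe", "chrome.exe", "aa" * 32),
    ProcessEvent("ws-02", "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", "bb" * 32),
    ProcessEvent("ws-03", "services.exe", "svchost.exe", "svchost.exe -k netsvcs", "11" * 32),
]
SAMPLE_FLOWS = [
    FlowRecord("ws-01", "cdn.example.net", [0, 7, 130, 131, 400, 1500]),
    FlowRecord("ws-04", "203.0.113.10", [0, 60, 121, 180, 240, 301, 360]),
    FlowRecord("ws-05", "update-check.example-c2.invalid", [0, 5]),
]

if __name__ == "__main__":
    for host, (cat, reasons) in sorted(categorize(SAMPLE_EVENTS, SAMPLE_FLOWS).items()):
        print(f"{host}: {cat}" + (f"  [{'; '.join(reasons)}]" if reasons else ""))
```

In the sample, ws-03 and ws-05 come out confirmed-compromised (hash and C2 hits), ws-02 and ws-04 suspicious (Office-spawned encoded PowerShell; a roughly 60-second beacon with low jitter), and ws-01 shows no known indicators even though it has six connections, because their spacing is irregular. The precedence rule in `note` is the practical point: a single IOC hit outranks any number of behavioral hits, while behavioral hits are what surface activity that no current indicator covers, so a real hunt reviews both lists rather than only the confirmed one.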
Purchasing options for a Threat Hunting Assessment are Small, Medium, and Large; the number of endpoints in the environment being assessed determines the appropriate size.
If ongoing or previous compromise activity is discovered, Secureworks can provide Emergency Incident Response as a separate engagement, to the extent mutually agreed between you and Secureworks.
Outcome
Secureworks will issue a report to your organization's designated point of contact within three (3) weeks of completing the assessment. The report may include the following:
- Executive summary, outlining key findings and recommendations
- Methods, detailed findings, narratives, and recommendations
- Attachments providing relevant details and supporting data
Scoping Information
Scope | Description
---|---
Threat Hunting Assessment - Small | Up to 1,000 endpoints; 30 days of storage
Threat Hunting Assessment - Medium | Up to 5,000 endpoints; 30 days of storage
Threat Hunting Assessment - Large | Up to 10,000 endpoints; 30 days of storage
Scheduling and Booking Information
See Service Scheduling for information about scheduling this service.