Threat Intelligence Support Services

Threat Intelligence Support Services ⫘

Below are descriptions of the threat intelligence support services that Secureworks can provide to your organization.

Threat Intelligence Enrichment ⫘

Secureworks will provide additional context (enrichment) for Customer-provided threat indicators, threat context, malware analysis, or TI sourced from your internal operations or third-party sources.

• Criteria/Scope: Up to two (2) items per support request
• Service Units Required: 2

Enrichment Examples
Listed below are examples of customer requests for enrichment. Each scenario is considered one item for a support request.

• Secureworks TI Product ⫘

  Customer Request: We read your recently published CTU TIPS on Bronze Atlas’ use of Mimikatz. Have you observed any recent change in their use of China Chopper?

• Indicator of Compromise (IOC) ⫘

  Customer Request: We have observed several workstations communicating with this specific IP address. Please provide enriched threat intelligence related to this IP address, historical context, known associations with threats, recommendations, and countermeasures.

• Vulnerability/CVE ⫘

  Customer Request: We have unpatched systems that are vulnerable to various CVEs and we are unable to patch immediately. What is our risk exposure to active exploits and what possible mitigation steps we can implement? Are any specific threat groups that you track using this vulnerability as part of their tactics, techniques, and procedures?

• Third-Party Publication ⫘

  Customer Request: What is the Secureworks Counter Threat Unit™ (CTU)’s view on the latest US-CERT publication on state-sponsored Industrial Control System activity? What strategic threat intelligence can you share related to this? How does that apply to our threat model, and can you provide the countermeasures to help defend us against this threat?

Threat Indicator and Threat Behavior Analysis ⫘

Secureworks will conduct analysis of isolated and previously collected IP addresses, domain names, and URLs (all referred to as items) for threat indicators and threat behavior. Up to 50 items per request will be analyzed.

• Criteria/Scope: Maximum of fifty (50) items per support request
• Service Units Required: 2

Scheduling and Booking Information ⫘

See Service Scheduling for information about scheduling any of these services.