10. LEVELS OF DETECTION

Data:
  - All AM detects
  - Process behavior
  - OS events

Micro correlation on EP level:
  - All EP detection technologies
  - Reputation

Macro correlation, hypotheses:
  - All TTP knowledge: internal research (GReAT, TARG, SOC, SSR)
  - Security assessment (red team)
  - Incident response (DF, MA, IR)
  - Monitoring practice

Additional notifications if required
11. INTERNAL SERVICE LINES

Projects: Project 1, Project 2, ... Project i

1st tier: 24x7 shift
  - Responsible persons: RP1, RP2, ... RPi
  - Alerts, hunts processing

2nd tier: Responsible for project
  - SOC detects customization
  - Hunts processing
  - Customer detects creation
  - Threat hunting

3rd tier: SOC research
  - All SOC detects: Alerts & Hunts
  - Infrastructure maintenance
  - Infrastructure development
  - Reporting & client management
  - KL internal research & infrastructure