2022-02-28-minutes-it-study-session
Entry Properties
Last modified: 3/10/2022 1:48:55 PM
Creation date: 3/10/2022 1:47:06 PM

Metadata
Template: Meeting
Date: 3/15/2022
Meeting title: Commissioners' Agenda
Location: Commissioners' Auditorium
Address: 205 West 5th Room 109 - Ellensburg
Meeting type: Regular
Meeting document type: Supporting documentation

Supplemental fields
Alpha Order: a
Item: Approve Minutes
Order: 1
Placement: Consent Agenda
Row ID: 87183
Type: Minutes

CI monitors delivery of data streams on an automated basis as available, and will also perform periodic manual reviews

Managed Detection and Response (CI-MDR)

Monitoring:

Upon successful activation of specified platforms, CI will ingest any approved data streams, specified in the ‘Platform’ section, and will elevate alerts from those streams for review, as appropriate. CI analysts review approved data streams for indicators of compromise which include but are not limited to:

• Alerts linked to Poor Reputation IPs or Domains
• Command and Control connections
• Anomalous or suspicious alert patterns
• Sudden shifts in the volume of key activities
• Event correlation with regional, sector, or global campaigns

Managed Detection and Response (CI-MDR)

Response:

• Investigation ticket created and assigned to Critical Insight Analyst with a goal to conclude the investigation within the specified SLA (see SLA agreement)
• Analysts investigate and attempt to confirm an incident has occurred by analyzing relevant and available data
• For on-premises customers, “relevant data” refers to the packet capture, network flows and system logs from 30 seconds prior to until 30 seconds after the suspect activity in standard investigations. When warranted, the time period may expand.
• For AWS, Azure, Microsoft Defender, or MCAS customers, “relevant data” refers to any data that the customer sends CI from Customer’s native AWS, Azure, Defender, or MCAS systems
• Confirmation occurs when evidence of attack or compromise is verified by a CI Analyst

Tiered Response:

• For all confirmed incidents, notify customer within 30 minutes of incident verification
• For urgent or high severity incidents, a final Incident Action Plan will be delivered to Customer at the time that all related tickets are closed. The report will include: