©2025 Lumifi Cyber, Inc. All rights reserved.
PRIVATE - Controlled by Lumifi Cyber
12/18

CASE REVIEW (CI-MDR)

LUMIFI will monitor in-scope security products and elevate select alerts for SOC review as “Cases”. Alerts that LUMIFI raises to manual SOC review are based on LUMIFI’s determination of cyber risk, which is a combination of advanced analytics scoring along with LUMIFI and Customer service history. The ultimate goal of Case creation and review is to ensure there are multiple detection points for a given threat, while minimizing false positives for both LUMIFI and Customer.

LUMIFI’s SOC will investigate Cases and corresponding alerts using all in-scope security products for a Customer’s MDR service, as relevant to the investigation. Multiple alerts may be grouped into a single investigation through correlation and automation or through SOC investigation.

LUMIFI will assess the threat of an investigation by mapping the outcome of a thorough investigation to the Incident Classification and SOC Severity Matrix. LUMIFI will use underlying alert severities and risk scores as guides but will ultimately determine the threat level of an investigation based on SOC expertise, analytics, and processes.

All alerts that have been escalated to the SOC for review in Cases will be reviewed in alignment with the MDR SLAs outlined in the Service Level Agreement section at the end of this document.

If LUMIFI confirms an incident, which involves a LUMIFI analyst verifying evidence of an attack or threat actor, Customer will be notified as agreed during deployment. If the confirmed incident has at-risk assets that are covered by Rapid Quarantine, LUMIFI will act according to the agreed playbook(s).
EVENT MONITORING (CI-MDR)

Many integrations include raw audit and security events that LUMIFI uses for additional XDR detections of threats, for contextual information during investigations, or to determine normal behavior patterns of systems. While events are crucial, they are also the primary driver of data volumes sent to LUMIFI, so it is important that only security-relevant events are sent to maximize the value of Customer’s MDR service.

Customer responsibility for in-scope products:
• Correctly configure Customer’s products to only send security-relevant events and alerts
• Stay within Customer’s contracted data limits
• Work with LUMIFI if Customer is forecasted to exceed, or exceeds, the contracted data limits and promptly pay for invoiced overages

THREAT HUNTING (CI-MDR)

LUMIFI will engage in threat hunting activities at its discretion. Typical reasons include:
• Enhanced Monitoring for at-risk assets
• Scanning customer environments during large-scale cyber incidents
• Automated threat hunting results review
• Periodic reviews of customer networks at Customer request

LUMIFI will utilize all in-scope security products to investigate Customer’s networks via LUMIFI analytics tools. Unusual findings will be escalated to Customer and/or discussed during Service Reviews.