©2025 Lumifi Cyber, Inc. All rights reserved.
PRIVATE - Controlled by Lumifi Cyber

RESPONSE (CI-MDR)

If LUMIFI confirms an incident during Case Review or Threat Hunting, LUMIFI will notify Customer within the specified Service Level Agreement section.

If the in-scope assets are covered by the LUMIFI Rapid Quarantine service component, LUMIFI will take response actions in-line with the agreed playbook(s).

LUMIFI will follow the contact procedures outlined during Customer onboarding for contact procedures during response, including method of contact and who to contact depending on incident severity.

LUMIFI will provide context and recommended next steps for lower severity investigations. LUMIFI also has a number of playbooks that will be included for common threat behaviors.

For urgent or high severity incidents, a final Incident Report will be delivered to Customer at the time that all related tickets are closed.

The report will include:
• Summary of incident
• Summary of any confirmed actions taken (by LUMIFI and/or Customer)
• Final status and/or resolution

Customer Responsibility during Response:
• Following cybersecurity best practices or LUMIFI’s recommended playbook steps
• If Customer thinks this is a false positive, notifying LUMIFI and providing supporting details will allow LUMIFI to deliver better services for future notifications
• Informing LUMIFI if an alternative method of notification is preferred

RAPID QUARANTINE (CI-MDR)

The Rapid Quarantine service allows LUMIFI to block at-risk users through in-scope Identity Providers (i.e. Microsoft Entra ID), or isolate at-risk hosts through in-scope EDRs.

If Customer has opted into the Rapid Quarantine service component and activated it by completing the steps outlined in the MDR Deployment section, LUMIFI will utilize the agreed playbook(s) during confirmed incidents. LUMIFI will take actions governed by the mutually agreed Rapid Quarantine Playbook when any investigation reaches the thresholds determined in the playbook. LUMIFI will take no action in Customer’s environments that is not detailed in the agreed playbook(s).

LUMIFI’s actions as detailed in the Rapid Quarantine Playbook may include, but are not limited to:
• Use Customer’s EDR to quarantine/isolate an endpoint
• Use an Identity Provider to block a user account
• Reach out to Customer for approval to quarantine
• Notify Customer of a confirmed incident

Customer Responsibility during the Rapid Quarantine Service:
• Ensure underlying EDR and Identity Provider service integrations remain in working order through periodic testing with CI
• Un-isolating or un-blocking the quarantined assets once Customer has completed their remediation.