Threat Review
What is a Threat Review?
A Threat Review is a meeting between Samurai Security Operation Center (SOC) Analysts, your assigned Cybersecurity Advisor (if applicable), and your designates, with the goal of ensuring your organization derives maximum value from the Samurai Managed Detection and Response (MDR) service.
Threat Reviews include:
- review of any reported security incidents within the time period
- recommendations to improve detection and response
- follow-up and tracking to ensure reported threats are handled and mitigated
- dialogue around detection and emerging threats
How often are Threat Reviews conducted?
Threat Reviews are conducted quarterly with a standard Samurai MDR subscription and are typically scheduled during onboarding.
For clients that prefer a dedicated senior-level resource and a monthly cadence of Threat Reviews, the Samurai Cybersecurity Advisor is available as an add-on subscription.
Review the MDR Threat Reviews and/or SamurAI Cybersecurity Advisor Service Description for details.
Threat Reviews and the SamurAI MDR Portal
Threat Review information is available within the Samurai MDR Portal after being published by the SOC. A new Threat Review is typically published 24 hours before the scheduled meeting.
To access Threat Reviews, click on Threat Review from the main menu.
A visual indicator beside the Threat Review menu item shows the number of published Threat Reviews that may require your review.
The Threat Review landing page displays all Threat Reviews to date for your Samurai MDR subscription, along with any documented Action Points.

Figure 1: Example Threat Reviews
Threat Review Fields
Find information related to Threat Review fields:
1. Reference
- Reference number of the Threat Review
2. Status
3. Title
- A given title for the Threat Review typically based on the time period.
4. Start Date
- Start date for all detail within the Threat Review.
5. End Date
- End date for all detail within the Threat Review.
Action Points
Action Points are typically tasks that have been documented during a Threat Review. Action Points are tracked over the subscription period and marked as Completed once actioned.

Figure 2: Example Action Points
What now?
Click on a Threat Review listed within the landing page to view more detail. Review Threat Review Detail for additional information.
1 - Threat Review Detail
The information and detail of a Threat Review are presented within the Samurai MDR portal. In this article we walk through the elements of each Threat Review.
Summary
Summary information for the Threat Review, including status, start date and end date. These dates align with your Samurai MDR subscription cadence (i.e. quarterly or monthly); see How often are Threat Reviews conducted?

Figure 1: Example Summary data
Metrics
Hover over any area of each chart for additional information.
For the given Threat Review period, various widgets are displayed providing insight into the service. These include:
Monitoring, Detection & Response Summary
The funnel summarizes:
- telemetry ingested (events) by the Samurai platform from your configured integrations
- the security detections (alerts) made by the Samurai platform detection engines and third party vendors which are triaged and investigated by the Samurai SOC
- the number of security incidents reported to your organization
The funnel illustrates the value of the service: the volume of data analyzed narrows down to the threats actually detected and reported to your organization.

Figure 2: Example Monitoring, Detection & Response summary for the period
You can also find information within a specified time-frame in the Alerts Dashboard.
Licence usage
Two charts display your utilized data quota (in gigabytes, GB) against your data subscription (an aggregated quota typically based on the number of endpoints subscribed). Any overage or under-utilization is discussed with you during the Threat Review meeting.
Licence usage charts may not be included if your subscription is not based on the number of endpoints.

Figure 3: Example Licence usage for the period
Alerts
A donut chart showing the alerts per detection method over the Threat Review period. For a brief explanation of the detection engines, refer to Alerts.

Figure 4: Example Alerts per detection method chart
Security Incidents
A chart depicting security incidents reported by severity within the Threat Review period.

Figure 4: Example Security incidents per severity chart
Security Incidents
New Security Incidents
The table lists all Security Incidents reported during the Threat Review period.
Click on a Security Incident to be redirected to the Situation Room for that Security Incident. Refer to The Situation Room for additional information.

Figure 5: Example New security incidents table
Highlighted Security Incidents
Any Security Incidents that the SOC determines require attention and discussion during the Threat Review meeting are included here in table format.
General Tickets
New General Tickets
The table lists all General Tickets created within the Threat Review period.
Click on a General Ticket to be redirected to the ticket details. Refer to Getting Help for additional information.

Figure 6: Example New general tickets table
Highlighted General Tickets
Any General Tickets that the SOC determines require attention and discussion during the Threat Review are included here in table format.
Other
Any other topics outside of a standard Threat Review are displayed here; for example, specific requests from a client working with a dedicated Cybersecurity Advisor (CSA) may be documented here.
Action Points
A list of current Action Points from all Threat Reviews, for example recommendations that have been made and may require your action.

Figure 7: Example Action points table