Threat Review Detail

Information and details of a Threat Review are presented within the Samurai MDR portal. In this article we walk through the elements of each Threat Review.

Summary

Summary information for the Threat Review, including status, start date and end date. These dates align with your Samurai MDR subscription (i.e. quarterly or monthly); please review How often are Threat Reviews conducted?

[Image: tr_timing.png]

Figure 1: Example Summary data

Metrics

For the given Threat Review period, various widgets are displayed providing insight into the service. These include:

Monitoring, Detection & Response Summary

The funnel summarizes:

  • telemetry ingested (events) by the Samurai platform from your configured integrations
  • the security detections (alerts) raised by the Samurai platform detection engines and third-party vendors, which are triaged and investigated by the Samurai SOC
  • the number of security incidents reported to your organization

The funnel illustrates the value of the service in terms of the data analyzed, narrowing down to the threats detected and reported to your organization.

[Image: security_funnel.png]

Figure 2: Example Monitoring, Detection & Response summary for the period

Licence usage

Two charts display your utilized data quota (in gigabytes, GB) against your data subscription (an aggregated quota typically based on the number of endpoints subscribed). Any overage or under-utilization is discussed with you during the Threat Review meeting.

[Image: licence_usage.png]

Figure 3: Example Licence usage for the period

Alerts

A donut chart showing the alerts per detection method over the Threat Review period. For a brief explanation of the detection engines, please refer to Alerts.

[Image: tr_alerts.png]

Figure 4: Example Alerts per detection method chart

Security Incidents

A chart depicting security incidents reported by severity within the Threat Review period.

[Image: tr_security_incidents.png]

Figure 5: Example Security incidents per severity chart

Security Incidents

New Security Incidents

The table presents all Security Incidents reported during the Threat Review period.

Click on a Security Incident to be redirected to the Situation Room for that Security Incident. Refer to The Situation Room for additional information.

[Image: new_security_incidents.png]

Figure 6: Example New security incidents table

Highlighted Security Incidents

Any Security Incidents that the SOC determines require attention and discussion during the Threat Review meeting are included here in table format.

General Tickets

New General tickets

The table presents all general tickets created within the Threat Review period.

Click on a General Ticket to be redirected to the ticket details. Refer to Getting Help for additional information.

[Image: new_general_tickets.png]

Figure 7: Example New general tickets table

Highlighted general tickets

Any General Tickets that the SOC determines require attention and discussion during the Threat Review are included here in table format.

Other

Any other topics outside the scope of a standard Threat Review are displayed here. For example, a client working with a dedicated Cybersecurity Advisor (CSA) may have specific requests documented here.

Action Points

A list of current Action Points drawn from all Threat Reviews, for example recommendations that have been made and may require your action.

[Image: action_points.png]

Figure 8: Example Action points table