Alerts and Escalations
What are Security Detections?
Security Detections are alerts raised when potential risks, cyber threats, or suspicious events are identified. They include detections generated by the ThreatDefence SecOps platform (based on predefined use cases) as well as alerts ingested from your integrated log sources.
What are Escalations?
An Escalation is created when our SOC team identifies an event that requires your attention or non-immediate action. Escalations are tracked until resolved, and if no response is received, our team will follow up with your designated contacts.
What are Incidents?
Incidents are high-severity security events declared by the SOC team that typically require an immediate response. For incidents, the SOC follows the agreed escalation path (for example, direct phone calls to your team) to ensure rapid containment and resolution.
Minimum Customer Effort (SOC Service – TD Complete)
As a SOC subscriber, our team continuously monitors and triages your detections. The minimum effort expected from you is to respond to Notifications.
Recommended involvement can be aligned to the following operations awareness maturity levels:
L1 (Minimum): Respond to escalations raised by the SOC team.
L2 (Intermediate): Review the Security Detections dashboard daily or monitor email alerts generated from detections.
L3 (Advanced): Conduct a one-hour monthly threat hunt across critical areas such as O365 access, network flows, endpoint activity, CIS benchmarking, privileged user access, and emerging threats.
Who Manages Alert Definitions?
All use cases and detection correlations are created, managed, and continuously updated by the ThreatDefence SecOps team.
Can I Create Custom Alerts?
Yes.
A custom alerting GUI is available for partners who meet specific commitments.
Alternatively, you can request new alerts by contacting [email protected].
How Many Alerts Should I Expect?
As a guideline:
An organization with ~500 users and 15+ onboarded data sources (e.g., email, endpoints, servers, dark web, vulnerability scans) can expect 30–50 alerts per month.
These will typically result in 2–3 Escalations requiring IT team action.
Can We Create Playbooks?
Yes, but this is best suited for MSSPs with a dedicated detection engineering team. Playbook creation requires input from SOC experts to ensure quality.
➡️ Contact your platform account manager for a review of your requirements and advice on available options.