TD SecOps
ThreatDefence provides a 24×7 Security Operations Centre (SOC) to monitor, triage, and respond to security incidents. This page describes the key SOC functions and processes.
Core Functions
Continuous Monitoring – Logs and telemetry from onboarded data sources are collected and analysed.
Alert Triage – Alerts are validated and classified by SOC analysts.
Threat Hunting – Proactive searches for hidden or undetected threats.
Incident Response – Containment and remediation actions coordinated with customer teams.
Escalations – High-severity events are escalated through agreed procedures.
Reporting – Dashboards and monthly reports track detections and SOC performance.
SOC Workflow
Monitoring – Data is collected from endpoints, network sensors, cloud services, and integrations.
Triage – Alerts are reviewed in the Security Detections Dashboard and categorised as benign, suspicious, or malicious.
Escalation – Confirmed threats, or cases requiring customer input, are escalated via ticket, email, or phone.
Containment and Response – Isolation of endpoints or accounts, blocking of IoCs, and coordination of the customer's IT response.
Recovery and Closure – Malicious artefacts are removed, systems are restored, and incidents are closed once remediation has been validated.
Post-Incident Review – Reports and timelines are produced, including remediation recommendations.
Communication Channels
24×7 SOC Hotline – For critical incidents.
Email & Service Desk – For non-urgent alerts or service requests.
Zoom Bridge – Live session during major incidents.
Secure IM – Optional real-time channel provided by the SOC.