
BlueVoyant:

Below are the alerts we receive from BlueVoyant into the IT-Security tickets bin:

. Anti-virus alerts
. Brute-force alerts
. OneDrive alerts
. Log Collector alerts
. Authentication-related alerts (Windows Event ID 4624, successful logon)
. Phishing alerts
. Other alerts

Other tickets:

. We receive tasks from users reporting phishing emails, suspicious activity within the
network, etc.; these fall under the Unassigned groups tasks bin.

Other alerts:

. We receive cloud app alerts from the Microsoft Defender portal, to which BV (BlueVoyant)
does not have access; we work on these on a daily basis.
This involves:

From InfoSec:

. The InfoSec team sends TI (Threat Intelligence) alerts to the IT_Security mailbox to be
worked on an urgent basis.
. Splunk generates an automatic daily failed-logins report and sends it to the IT_Security mailbox.
. We receive the Anti-virus and Anti-bot / App Control weekly reports in the IT_Security
mailbox on Sundays.
. SEPM alerts are sent to the IT_Security mailbox (managed by Varun).

-> We send a weekly report to Rachel on Wednesdays, collecting the information on each
individual's ongoing tasks.
This contains SNOW (ServiceNow) ticket data and cloud app alert data.

-> We send the weekly status reports for Anti-virus and Anti-bot / App Control.

-> We send the status of the cloud app "mass download" alerts to Rachel every day.

-> The manager assigns individual or group tasks (audits, vulnerabilities, etc.) based on
task complexity, clearly explaining the agenda.

-> Follow-ups with users on AV reports and BV alerts as part of investigation and
remediation.

-> We coordinate and work with other IT teams to resolve security threats.

-> Preparing the IT-SecOps dashboard data every month and working with Pradeep
Prakash to replicate it in the Power BI console (generally we add this data after the 21st
of every month).

-> Coordinating with the InfoSec team and working on complex alerts alongside them.

-> Ad-hoc work when an urgent alert comes up.
