Security Roles and Resp
Below are the alerts we receive from BlueVoyant into the IT-Security tickets bin:
- Anti-virus alerts
- Brute-force alerts
- OneDrive alerts
- Log Collector alerts
- Authentication (4624) related alerts
- Phishing alerts
- Other alerts
Other tickets:
Other alerts:
- We receive cloud app alerts from the Microsoft Defender portal, to which BV does not have access; we work on these on a daily basis.
This involves:
From InfoSec:
- The InfoSec team sends us TI (Threat Intelligence) alerts to the IT_Security mailbox, to be worked on an urgent basis.
- Splunk generates an automatic daily failed-logins report to the IT_Security mailbox.
- We receive Anti-Virus and Anti-bot / App Control weekly reports in the IT_Security mailbox on Sunday.
- SEPM alerts go to the IT_Security mailbox (managed by Varun).
-> We send a weekly report to Rachel on Wednesday, collecting the information on each individual's ongoing tasks. This contains SNOW tickets data and cloud app alerts data.
-> We send the weekly status reports for Anti-virus & Anti-bot / App Control.
-> We send the status of the cloud app "mass download" alerts to Rachel every day.
-> The manager assigns individual or group tasks (audits, vulnerabilities, etc.) based on task complexity, clearly explaining the agenda.
-> Follow-ups with users on AV reports and BV alerts are part of investigation and remediation.
-> We coordinate and work with other IT teams to resolve security threats.
-> Preparing the IT-SecOps dashboard data every month and working with Pradeep Prakash to replicate it in the Power BI console (generally we add this data after the 21st of every month).
-> Coordinating with the InfoSec team and working on complex alerts along with them.