# Customer Operational Guide

***

**Overview**

This document outlines your operational responsibilities based on your CybrHawk service subscription. We offer two primary service models to match your organisation's security maturity and resource availability.

| Service Tier                  | Primary Purpose                                                                                         | Key User Responsibility                                                             |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| **Managed SOC Service**       | Full security operations outsourcing. Our team manages detection, triage, and initial response.         | **Respond to Escalations** - Review and act on critical requests from our SOC.      |
| **SIEM/SecOps Platform Only** | Self-managed security operations. You retain full control of detection and response using our platform. | **Daily Triage** - Actively monitor and manage security alerts within the platform. |

***

#### **1. For Managed SOC Customers**

**Your Role: The Incident Commander**

When you subscribe to our Managed SOC service, our security analysts become an extension of your team. We handle the 24/7 monitoring, investigation, and initial containment, allowing you to focus on strategic business decisions.

**Primary Responsibility: Respond to Escalations**

* You will receive critical notifications via **email** or **phone** when our SOC requires your input or action.
* These escalations are typically for:
  * **Validation:** "We see a critical action from user [X]. Is this authorized?"
  * **Action:** "We have contained a threat on endpoint [Y]. Please inform the user."
  * **Decision:** "An incident has been declared. Activate your incident response plan."

**Technical Requirement:**

* **No daily login to the platform is required.**
* You only need to monitor the communication channels (email/phone) used for escalations.

**Strong Recommendation: Leverage the Platform for Awareness**

While not mandatory, logging into the **Security Dashboard** provides significant benefits:

* **Operational Awareness:** View real-time security posture, active incidents, and threat trends.
* **Skill Uplift:** Observe how our analysts investigate and respond to threats—a free training resource for your team.
* **Proactive Oversight:** Access customized reports and dashboards for compliance and management reviews.

> **Best Practice:** We recommend a daily login to review the **Security Posture Dashboard** and any closed incident reports to maintain situational awareness.

***

#### **2. For SecOps/SIEM Platform Only Customers**

**Your Role: The Security Operator**

With the SIEM Platform, your team is in full control of your security operations. The platform provides the tools and intelligence; you provide the analysis and response.

**Primary Responsibility: Daily Alert Triage.** You must actively manage the security alerts generated by the platform. This can be done through two primary methods:

**Method 1: Direct Console Login (Recommended)**

1. Log in to the **CybrHawk Security Dashboard** daily.
2. Navigate to the **“Security Detections”** queue.
3. **Triage Alerts:** Review, investigate, and action each alert by:
   * **Closing** false positives.
   * **Escalating** true positives to your IT team for remediation.
   * **Adding notes** for audit trails.

**Method 2: Email Alert Monitoring (Minimum Requirement)**

* Ensure **email alerts are enabled** for your security team.
* Review all email notifications for new detections.
* **You must log in to the console to fully investigate and close alerts.** Email is for notification only.

**Technical Requirement:**

* **Daily interaction with the platform is required** to maintain security efficacy.
* Your team is responsible for the end-to-end process: Detection → Triage → Response → Closure.

***

#### **Summary of Responsibilities**

| Action                     | Managed SOC Customer    | Platform Customer                                  |
| -------------------------- | ----------------------- | -------------------------------------------------- |
| **24/7 Monitoring**        | Handled by CybrHawk SOC | Your Responsibility                                |
| **Initial Alert Triage**   | Handled by CybrHawk SOC | **Your Responsibility**                            |
| **Respond to Escalations** | **Your Responsibility** | Not Applicable (except active hunts and zero-days) |
| **Daily Platform Login**   | Recommended (Awareness) | **Required** (Operation)                           |
| **Email Alert Review**     | For escalations only    | Minimum requirement for notifications              |

***

#### **Getting Started Checklist**

**For Managed SOC Customers:**

* [ ] Provide emergency contact details for escalations.
* [ ] Bookmark the CybrHawk Customer Portal.
* [ ] Schedule a monthly review meeting with your assigned analyst.

**For SIEM Platform Only Customers:**

* [ ] Designate primary analysts for daily triage.
* [ ] Configure email alert recipients.
* [ ] Complete CybrHawk Analyst Console training.
* [ ] Establish an internal workflow for alert response and closure.

**Need Help?** Our support team is here to assist with:

* Technical configuration and onboarding.
* Analyst training for the platform.
* Defining escalation workflows.

**Contact Support:** <socv2@cybrhawk.com>

***
