Fortis ActiveRecovery Malware Digital Forensics Jumpstart
Fortis by Sentinel’s Incident Response team will use best efforts, as specified in the Service Level Agreement below, to address a malware incident within your organization’s Azure environment.
Fortis by Sentinel will provide Digital Forensics & Incident Response resources to perform services related to the incident remotely or will begin deployment on-site within 24 hours upon receipt of written request (barring travel restrictions). The Incident Response resources will work with the customer to perform the following services.
Digital Forensics & Incident Response Services
Services are subject to applicable technology fees on an as-needed basis:
• Deployment support for Fortis by Sentinel’s Velociraptor triage tool.
• Endpoint sweeping to plan and provide actionable guidance to quarantine or isolate active threats and/or threat actors in Azure.
• Forensic analysis of systems of interest, looking for indications of initial access and threat actor activity, including data access and exfiltration.
• Tenant provisioning and deployment guidance for cloud-based next-generation endpoint detection and response tools, including policy and permit/deny list configuration and integration into Fortis by Sentinel’s SIEM for SOC services.
• Investigation and analysis of telemetry from the remediation tools, data from endpoint sweeping, and available firewall, flow, proxy, and email logs (as relevant) to understand the root cause, scope, and impact.
• Deep-dive, forensically sound, disk-level or artifact-level forensics on endpoint systems as required.
• Sandbox analysis of malware, scripts, and files as deemed necessary by Fortis by Sentinel.
• Monitoring of the Azure environment throughout the engagement to maintain the overall health of the environment and provide endpoint isolation services where supported.
• Status reporting, including (upon request) a Forensics Report.