Blue teaming
FalconForce Sentry Detect: Managed Detection Engineering
As an organization, staying ahead of cyber adversaries is more important than ever. To keep up with the changing threat landscape and protect your business from malicious actors, you need sophisticated detection content that identifies evolving threats, and you need it fast. Creating high-quality detection content takes experience as well as ongoing effort to keep it relevant in a constantly shifting environment.
Our FalconForce Sentry Detect service saves your team valuable time by providing advanced detection content, either custom-made for you or taken from our repository of proven use-cases. The content is based on our continuous research into adversarial techniques, our offensive and defensive engagements, and collaboration with our clients. FalconForce supports you in implementing and tuning the use-cases for your environment, so your team can focus on what really matters: keeping your business secure.
Our detection content is focused on Microsoft Sentinel and the Microsoft Defender suite and is fully mapped to MITRE ATT&CK®. With access to our advanced use-cases, you boost the detection capabilities of Microsoft Sentinel and the Microsoft Defender suite: our detections go beyond the threats that, for instance, Microsoft Defender picks up out of the box. The use-cases are provided in a format suited to your ingestion requirements; we currently offer YAML, Markdown and JSON out of the box.
Sentry Detect – booster packages for in-house (hybrid) SOCs
Our premium detection content includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Implementation in your environment.
- One-time finetuning in your environment.
Sentry Detect – subscription for in-house (hybrid) SOCs
We offer automated deployment pipelines to deploy, tune, and maintain the advanced use-cases continuously without burdening your team members.
The subscription includes a steady stream of new (custom) advanced detection content including KQL query, meta-data and documentation, finetuning and maintenance.
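To make the deliverables above concrete, the following added example (written for this page, not FalconForce's toolkit or use-case format) shows what a detection-as-code pipeline does with a use-case: it validates a JSON use-case definition that carries the KQL query and its metadata (severity, ATT&CK tactics and technique IDs, schedule), applies an environment-specific exclusion as data rather than by editing the shared query, and emits the body of a Microsoft Sentinel scheduled analytics rule (resource type Microsoft.SecurityInsights/alertRules, kind Scheduled). The use-case schema, the sample use-case and the exclusion values are constructed for the example; the KQL is a generic ATT&CK T1003 pattern over Defender for Endpoint's DeviceEvents table.

```python
"""Added example: validate a detection use-case (KQL + metadata) and render it
as a Microsoft Sentinel scheduled analytics rule body.

Not FalconForce's toolkit or format: the use-case schema below is an
assumption made for this example. The output follows the properties of a
Microsoft.SecurityInsights/alertRules resource of kind "Scheduled".
"""
import json
import re
from typing import Optional

# Constructed sample use-case in the hypothetical schema. The query is a
# generic ATT&CK T1003 pattern over Defender for Endpoint's DeviceEvents table.
SAMPLE_USE_CASE = json.loads(r'''
{
  "id": "UC-EXAMPLE-001",
  "title": "LSASS process handle opened by a non-SYSTEM process",
  "description": "A process not running as SYSTEM opened a handle to lsass.exe, a common precursor to credential dumping.",
  "severity": "High",
  "tactics": ["CredentialAccess"],
  "techniques": ["T1003"],
  "query": "DeviceEvents\n| where ActionType == \"OpenProcessApiCall\"\n| where FileName =~ \"lsass.exe\"\n| where InitiatingProcessAccountSid != \"S-1-5-18\"",
  "frequency": "PT1H",
  "lookback": "PT2H",
  "threshold": 0
}
''')

REQUIRED = ("id", "title", "description", "severity", "tactics", "techniques",
            "query", "frequency", "lookback", "threshold")
SEVERITIES = ("Informational", "Low", "Medium", "High")
TECHNIQUE_RE = re.compile(r"T\d{4}(\.\d{3})?")   # ATT&CK technique or sub-technique ID
DURATION_RE = re.compile(r"P\d+D|PT\d+[HM]")      # ISO 8601 subset used for rule schedules


def validate_use_case(uc: dict) -> list:
    """Return a list of problems; an empty list means the use-case can be deployed."""
    problems = [f"missing field: {f}" for f in REQUIRED if f not in uc]
    if problems:
        return problems
    if uc["severity"] not in SEVERITIES:
        problems.append(f"bad severity: {uc['severity']}")
    problems += [f"bad technique id: {t}" for t in uc["techniques"]
                 if not TECHNIQUE_RE.fullmatch(t)]
    for field in ("frequency", "lookback"):
        if not DURATION_RE.fullmatch(uc[field]):
            problems.append(f"bad ISO 8601 duration in {field}: {uc[field]}")
    if not uc["query"].strip():
        problems.append("empty query")
    return problems


def apply_tuning(query: str, column: str, exclusions: list) -> str:
    """Append an environment-specific exclusion to the query.

    The shared repository copy of the query stays untouched and the tuning is
    kept as data, so the same use-case can be deployed per environment with
    different exclusions. Values are emitted as quoted KQL string literals.
    """
    if not exclusions:
        return query
    literals = ", ".join('"' + v.replace('"', '\\"') + '"' for v in exclusions)
    return f"{query}\n| where {column} !in~ ({literals})"


def to_sentinel_rule(uc: dict, tuning: Optional[dict] = None) -> dict:
    """Render a use-case as the body of a Scheduled analytics rule.

    `tuning` maps a KQL column name to values to exclude in this environment.
    Raises ValueError instead of deploying a malformed use-case.
    """
    problems = validate_use_case(uc)
    if problems:
        raise ValueError("; ".join(problems))
    query = uc["query"]
    for column, values in (tuning or {}).items():
        query = apply_tuning(query, column, values)
    return {
        "kind": "Scheduled",
        "properties": {
            "displayName": uc["title"],
            "description": uc["description"],
            "severity": uc["severity"],
            "enabled": True,
            "query": query,
            "queryFrequency": uc["frequency"],
            "queryPeriod": uc["lookback"],
            "triggerOperator": "GreaterThan",
            "triggerThreshold": uc["threshold"],
            "tactics": uc["tactics"],
            "techniques": uc["techniques"],
            "suppressionEnabled": False,
            "suppressionDuration": "PT5H",
        },
    }


if __name__ == "__main__":
    # Constructed per-environment tuning: ignore handle opens by Defender's own engine.
    rule = to_sentinel_rule(SAMPLE_USE_CASE, {"InitiatingProcessFileName": ["MsMpEng.exe"]})
    print(json.dumps(rule, indent=2))
```

Running the block prints the rule body; in a pipeline that body is sent with an HTTP PUT to the alertRules resource of the target workspace (which api-version to use is an assumption to verify against the current Sentinel REST reference). Keeping exclusions outside the query is what lets one repository copy serve many environments, and a validation step that refuses malformed metadata keeps ATT&CK mapping and scheduling consistent across every rule deployed.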
Our premium detection content includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Implementation in your environment.
- Finetuning in your environment.
- Use-case maintenance.
Sentry Detect – for MSSPs
We commit to adding new use-cases to our repository each month, and you can request custom development of use-cases for your clients. Your team can use our premium use-cases to monitor your customers’ environments for advanced threats.
The repository includes per use-case:
- KQL query and meta-data.
- Use-case documentation.
- Finetuning suggestions for deployment in your customers’ environments.
- Use-case maintenance.
Moreover, we share our toolkit to deploy use-cases efficiently to your customers, with the flexibility to customize per client. We support you in integrating our repository into your environment.
“Our managed detection engineering service can greatly boost your threat detection capability!”
FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
[email protected]
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01