Blue teaming

FalconForce Sentry Detect: Managed Detection Engineering

Defensive capability workshop

Our Sentry Detect offering includes a combination of advanced detection content, tools and support by FalconForce professionals. Sentry Detect will enable your team to use our advanced detection content, tuned to your environment. Our repository currently has over 500 premium, high-fidelity detections. Each detection includes:

  • The KQL query.
  • Extensive documentation with (technical) details of the detection focus and relevant attack, blindspots (if any), potential false-positives, and suggested response actions, related data sources, references to relevant MITRE ATT&CK Tactics / Techniques, change logs, filter variables, references to related FalconForce detections and materials that were used during the research.
  • Implementation in your environment.
  • Tuning in your environment.
  • Minor and major version updates.

How we collaborate with you

During the onboarding process, we set up the detection-as-code pipelines in your environment. You can then select the advanced detections from our repository via our web portal. We are happy to advise you and together we can make a roadmap, based on relevant threats and your existing detection coverage (for example, using MITRE ATT&CK).

Once you have been onboarded, we will start delivering and tuning detection content into your environment. We continuously develop new advanced detections and add these to our repository – for you to choose from!

A risk-based scoring dashboard is implemented in Sentinel so you can analyze (series of) alerts based on your business’ priorities.

We offer our Sentry Detect services in three models

Each model’s features are described in detail below. Each model will enable your team to use our advanced detection content, tuned to your environment. 

Sentry Detect – Booster

Go fast. Aimed at organizations that want to deploy a set of detections from our current repository in a short timeframe. For example, to tackle known detection coverage gaps. One-time tuning by FalconForce professionals is included in a fixed-fee project.

Sentry Detect – Pro subscription

Get regular new detections. In this subscription model, we deliver up to 5 detections per month with the detection-as-code pipelines. Ongoing tuning and deployment of detections is included.

Sentry Detect – Enterprise subscription

Self-deploy our content in parallel with our support. This subscription allows your team unlimited (fair use) deployment of our content, while we also deliver up to 10 detections per month. This model includes use of the risk-based scoring dashboard.

The below table provides an overview of all features per Sentry Detect model:

Download the Sentry Detect datasheet 

“Our managed detection engineering service can greatly boost your threat detection capability!”

Blue teaming

Our other services

Blue consultancy

Looking for expertise to enhance specific parts of your threat detection stack? FalconForce can help! We have expertise in setting up automated deployment pipelines, automating enrichment, custom detection development, BloodHound and testing your detections. Please get in touch so we can discuss what you are looking for and where we can help!

Together. Secure. Today.

Get in touch with one of our professionals

Want to discuss your challenges in more detail or wondering what we can do for you? We are happy to meet you for a (virtual) coffee. Please get in touch!
Get in touch

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.

Energieweg 3
3542 DZ Utrecht
The Netherlands

FalconForce B.V.
[email protected]
(+31) 85 044 93 34

LinkedIn
X

KVK 76682307
BTW NL860745314B01

Privacy Policy

Terms & Conditions