Blue teaming

FalconForce Sentry Detect: Managed Detection Engineering

As an organization, staying ahead of cyber adversaries is more important than ever. To keep up with the changing threat landscape and protect your business from malicious actors, you need sophisticated content that can detect evolving threats and fast. Creating high-quality detection content takes experience as well as ongoing effort to ensure relevance in this constantly shifting environment.

We offer a way to save your team valuable time and provide you with advanced detection content via our FalconForce Sentry Detect service. The content is either custom-made for you or taken from our repository of proven use-cases, and is based on our constant research of adversarial techniques, our offensive and defensive engagements, and collaboration with our clients. FalconForce supports you in implementing and tuning the use-cases to your environment. This will enable your team to focus on what really matters: keeping your business secure.

Defensive capability workshop

Our detection content is focused on Microsoft Sentinel and the Microsoft Defender suite and is completely aligned with MITRE ATT&CK®. With access to our advanced use-cases, you boost the detection capabilities of Microsoft Sentinel and the Microsoft Defender suite. Our advanced detections go beyond the threats that, for instance, Microsoft Defender picks up out of the box. The use-cases are provided in a format suited to your ingestion requirements. We currently offer YAML, Markdown and JSON formats out of the box.

Sentry Detect – booster packages for in-house (hybrid) SOCs

Our offering to you: we commit ourselves to delivering a ‘booster package’ of 10 or more use-cases from our growing repository to your environment. You can use our premium use-cases to monitor your environment for advanced threats. Each booster package includes access to our advanced detection content including KQL query, meta-data and documentation. Our repository currently contains 450+ custom advanced detections. New content is added every month.

Our premium detection content includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Implementation in your environment.
  • One-time finetuning in your environment.


Sentry Detect – subscription for in-house (hybrid) SOCs

Our offering to you: we commit ourselves to delivering new use-cases each month to your environment that will boost your detection capability. You can use our premium use-cases to monitor your environment for advanced threats. The roadmap of use-cases will be selected together and will not overlap with any use-cases your team already developed.

We offer automated deployment pipelines to deploy, tune, and maintain the advanced use-cases continuously without burdening your team members.

The subscription includes a steady stream of new (custom) advanced detection content including KQL query, meta-data and documentation, finetuning and maintenance.

Our premium detection content includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Implementation in your environment.
  • Finetuning in your environment.
  • Use-case maintenance.


Sentry Detect – for MSSPs

Our offering to you as MSSP: we offer a ready-to-use Git repository with premium detection content in an agreed-upon format. You can accelerate your managed security solution built around the Microsoft Sentinel and Defender ecosystem by leveraging our entire set of premium detection content instantly.

We commit ourselves to adding new use-cases each month to our repository and you can request custom development of use-cases for your clients. Our premium use-cases can be used by your team to monitor your customers’ environments for advanced threats.

The repository includes per use-case:

  • KQL query and meta-data.
  • Use-case documentation.
  • Finetuning suggestions for deployment in your customers’ environments.
  • Use-case maintenance.

Moreover, we share our toolkit to deploy use-cases efficiently to your customers, with the flexibility to have customizations per client. We will support setting up the integration of our repository into your environment.



“Our managed detection engineering service can greatly boost your threat detection capability!”


Our other services

Blue consultancy

Looking for expertise to enhance specific parts of your threat detection stack? FalconForce can help! We have expertise in setting up automated deployment pipelines, automating enrichment, custom detection development, BloodHound and testing your detections. Please get in touch so we can discuss what you are looking for and where we can help!

Together. Secure. Today.

Get in touch with one of our professionals

Want to discuss your challenges in more detail or wondering what we can do for you? We are happy to meet you for a (virtual) coffee. Please get in touch!

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.

Energieweg 3
3542 DZ Utrecht
The Netherlands

FalconForce B.V.
(+31) 85 044 93 34

KVK 76682307
BTW NL860745314B01