Collaboration with MDR

For customers with managed detection and response (MDR), SOCaaS will send an Alert notification email to an MDR email alias.

The email will include the following:

  • Customer name/FortiCare ID

  • Alert description and summary

  • SOCaaS monitored assets affected

  • Users detected in the logs

  • Indicators from the Alert

The MDR team receives the SOC’s detection notification on the EDR management console and will reach out to the customer to confirm the incident and investigate further.

During the investigation process, the SOCaaS team will assist the MDR team and the customer by providing additional information, such as reports and logs.

Customers may have in-house incident response (IR) capabilities, a subscription to Fortinet MDR, IR services, or another managed services provider who would take the lead on investigation and remediation.

If an incident is confirmed and the customer's IR service provider or lead is engaged, SOCaaS will continue collaborative investigation with the MDR and IR teams on new findings from FortiEDR or other sources until the investigation is complete.
