Lumen provides 24/7 SIEM monitoring and incident handling leveraging your SIEM platform. The service features include:

• Supported SIEM standard platforms are IBM QRadar, Splunk, Sentinel, LogRhythm, and FortiSiem.
• 24/7 SIEM monitoring and notification: confirm the validity of SIEM Alerts, perform prescriptive analysis and provide notification according to Run Book.
• Use case development and tuning—Lumen has a default set of templated use cases that adhere to the MITRE ATT&CK® framework. These use cases are customized for your environment and applied within your SIEM platform.
• Run book development and maintenance—including notification process and procedures for handling alerts and incidents. 
• Deep-dive analytics—analysis of trends, threats, incident mining and lessons learned, resulting in additional information about the Incident (such as causes and impacts) and expanded remediation recommendations (such as addressing impacted systems, etc.) to be included in the ticket (available in Plus and Premium packages).
• Incident handling—identify cause of incidents by conducting analysis of logs, validates priority and recommends remediation actions (available in Plus and Premium packages).
• Use case advanced tuning (available in Plus and Premium packages).
• Threat hunting—proactive function conducted by a Lumen security analyst who reviews logs and configurations outside of your SIEM, taking into account current trends, outside of established use cases with the goal of discovering anomalies related to current events (available in Premium package).

Virtual SOC is offered in three package options, with pricing based on maximum number of monthly incidents and packaged selected by the customer. Standard features vary based on the package selected.

Lumen Virtual SOC is available in three packages:

• Essentials: Includes 24/7 SIEM monitoring and notification, use case development and tuning, and run book development and maintenance.
• Plus: Includes features in Essentials package plus deep-dive analytics service, incident handling and use case advanced tuning.
• Premium: Includes features in Plus package plus threat hunting.

During the transition phase, Lumen security experts will work with you to collect the information required to develop the run book and identify critical use cases. Our security team will log in daily to your SIEM platform and monitor security events. Once an incident is identified, the SOC analyst classifies, triages and analyzes the event to validate if it is a false positive. True events are prioritized and notified to customers. Our SOC experts analyze logs to isolate incidents and provide deep-dive analytic analysis (trends analysis, threats, ticket mining, and lessons learned) and remediation recommendations that will enhance your response. Lumen can also offer proactive threat hunting (exclusive for the Premium package), where the expert reviews your system based on current trends outside of established use cases to discover anomalies related to current events.