SOC Escalation Update
Change to SOC escalations
When escalating to the SOC, we will now have a button that initiates the escalation
This will act similarly to our other escalation buttons, such as Tier 3 escalation
Review: When do we escalate to SOC?
SentinelOne/Bitdefender Issues or Requests (also called "Detect and Respond" Endpoint Protection as a ConnectWise Product)
Issues or Requests with Profile and Protect
Note: this is typically not customer facing, and mentions of this would likely come from Tier 4
Network and Compliance (D&R)
This is a fully managed solution from the standpoint of the entire network
Note: this is typically not customer facing, and mentions of this would likely come from Tier 4
How to check for SentinelOne
When performing troubleshooting for a Network or Virus issue, we must check to see if SentinelOne is on the system
Utilize Automation!
Run the "AV Scan Bot" from Quick Automations - it will inform you if SentinelOne is active on the system
Manual Check
If the AV Scan Bot is unsuccessful, you can manually check by checking the "Profile" of the endpoint in the Servers and Desktops section of Techview
In the incident actions tab, you will now see an Escalate to SOC button
Let's walk through the actions of the new Escalation to SOC workflow
You will receive two prompts - please review the prompts and click OK
Once completed, you will receive confirmation
A Teams card will be generated to the SOC team to review the details
This will also create a ticket for them in their ticketing system
Additional Details
- The SOC team can reply to the Teams card, and the internal notes of the Cherwell ticket will be updated
- Additionally, the SOC team can assign the ticket back to the Help Desk (in Update Received status)
Thank you!
SOC Escalation Button
dustin.weber
Created on October 17, 2022