Defend Accelerator: Detect and Prevent

Overview:

Deploy a foundational Elastic Defend solution providing endpoint protection and visibility for threat prevention, detection, and investigation on endpoints.

Scope:

• Conduct discovery, finalize up to five in-scope endpoint/server policy types, define high-level data fields/event types for monitoring, develop an Elastic Agent deployment strategy and baseline policy structure, and select initial prebuilt Elastic Defend detection rules.
• Create a base agent policy in Fleet (to be cloned for each policy type), review core Elastic Security App and RBAC configuration, and finalize the list of detection rules to be activated.
• Configure and onboard agents for all five Elastic Defend policy types, activate preselected detection rules in Kibana, and perform tuning, event filtering, and advanced rule/exception management.
• Conduct a knowledge transfer workshop, provide documentation, and transfer engagement assets to the customer.

Engagement times:*

• Typically, a project commences between six and eight weeks after services are purchased and lasts between one and five weeks.
• The project will be delivered by an Elastic Consultant (or a certified partner resource with Elastic oversight).

Engagement structure:

• All engagements will be conducted over contiguous weeks.
• Breaks in the engagement may result in reassignment of the Elastic Consultant and require additional lead time prior to resuming. They can also impact the level-of-effort (LOE) and/or cost.
• Changes or additions to scope may impact LOE and/or cost; changes will require a mutually executed Order Form (change order).

Customer responsibilities:

• Provide all necessary resources, access, and personnel in a timely manner.
• Provide all requested prerequisite information and documentation prior to the project kick-off call.
• Confirm all onboarding and access requirements prior to purchasing services.
• Determine clear and concise requirements prior to engagement kick-off.

Total consulting days: 12

Overview:

Deploy a foundational Elastic Defend solution providing endpoint protection and visibility for threat prevention, detection, and investigation on endpoints.

Scope:

• Conduct discovery, finalize up to five in-scope endpoint/server policy types, define high-level data fields/event types for monitoring, develop an Elastic Agent deployment strategy and baseline policy structure, and select initial prebuilt Elastic Defend detection rules.
• Create a base agent policy in Fleet (to be cloned for each policy type), review core Elastic Security App and RBAC configuration, and finalize the list of detection rules to be activated.
• Sequentially configure and onboard agents for all five Elastic Defend policy types, activate and tune detection rules for each, conduct global rule tuning, manage exceptions and trusted applications, and configure/test automated response actions.
• Conduct a knowledge transfer workshop, provide documentation, and transfer engagement assets to the customer.

Engagement times:*

• Typically, a project commences between six and eight weeks after services are purchased and lasts between one and five weeks.
• The project will be delivered by an Elastic Consultant (or a certified partner resource with Elastic oversight).

Engagement structure:

• All engagements will be conducted over contiguous weeks.
• Breaks in the engagement may result in reassignment of the Elastic Consultant and require additional lead time prior to resuming. They can also impact the LOE and/or cost.
• Changes or additions to scope may impact LOE and/or cost; changes will require a mutually executed Order Form (change order).

Customer responsibilities:

• Provide all necessary resources, access, and personnel in a timely manner.
• Provide all requested prerequisite information and documentation prior to the project kick-off call.
• Confirm all onboarding and access requirements prior to purchasing services.
• Determine clear and concise requirements prior to engagement kick-off.

Total consulting days: 18