SOC Response Service Level Agreement
This Blueshift Cybersecurity Security Operations Center (“SOC”) Service Level Agreement (“SSLA”) defines the terms and conditions for the SOC response services (“SOC Services”) offered by Blueshift Cybersecurity, Inc. (“Blueshift,” “BSC”) to the client (“Client”) who has subscribed to Blueshift’s Products, Services, and Solutions as specified in a valid license agreement or purchase order either directly with Blueshift or through an authorized Blueshift reseller or partner. Blueshift and Client are collectively referred to as “Parties” and individually as a “Party.” The Parties hereby agree to the following definitions, terms, and conditions:
Definitions:
“SOC Response” refers to properly tuning and categorizing the Client’s events, alerts, and alarms to ensure they are appropriately prioritized for appropriate handling. This would most likely occur as an initial bulk-refinement activity of reassigning priorities based on past events, alerts, and alarm data, then continuing to hone alerts via day-to-day interactions and Client requests for information.
“Event” means the suspected occurrence of Hostile Actions, threats, or attacks that are unintended or intended to affect a Client’s normal operations, behavior, or the Confidentiality, Integrity, Availability (“CIA”) of the Client’s information and/or information systems. This includes any observable occurrence, incident, or situation within an information system or network that may have security implications. Such occurrences encompass a broad range of activities, including but not limited to system alerts, suspicious activities, anomalies, or other incidents that trigger the attention of security monitoring tools or cybersecurity professionals.
“Event Response” means a structured and coordinated approach to addressing and managing an Event. It involves the detection, scoping, containment, alerting, documentation, and lessons learned from security incidents to minimize Client information, systems degradation, disruption, and information destruction or damage.
“Hostile Actions” means any action intending to disrupt, degrade, or destroy the CIA or to gain unauthorized access to Client information or information systems. Malicious activities or attacks directed towards information systems, networks, or data. These actions are typically carried out by threat actors, such as hackers or cybercriminals, intending to compromise digital assets’ confidentiality, integrity, or availability. The introduction, implantation, or spread of malicious code that infiltrates the Client’s computer systems, including but not limited to computer viruses, Trojan horses, ransomware, and/or distributed denial-of-service (DDoS) attacks. Any attack or Event on the Client’s information systems or networks resulting in the degradation or loss of proprietary/sensitive information or quality of service (QoS).
“SOC Manager” is a Blueshift engagement SOC manager (“SOC Manager”) who manages SOC Services and may coordinate responses to the Client and SOC Analyst(s).
“SOC Analyst(s)” is/are Blueshift SOC analyst/analysts reporting to the SOC Manager, who will investigate alerts, notify Client, and document events/Events and incidents.
Terms and Conditions
1. Initial Scoping of Event: The Parties will make reasonable commercial efforts to collaborate to provide a written explanation of any Event, and Blueshift will perform SOC Response Services to validate and define the scope of the Event.
2. Collection, Installation, & Preservation: The Parties agree that depending on the specific event/Event and Client environment, Blueshift may require access to review the Client’s configuration, active directory, and any collected logs not already implemented into the BSC platform. Blueshift may further require the installation of additional agents, information collection scripts, forensic tools, and/or network sensors as needed. The Client agrees to cooperate in facilitating the abovementioned data collection and preservation.
3. Evaluation of Client services: If affected hosts do not already have the BSC software agent (“BSC Agent”) installed, the Parties agree this will negatively affect SOC Services and incident response capabilities and increase the likelihood of an Event. The BSC Agent provides real-time information that aids in detecting, scoping, analyzing, and responding to a potential security event or Event. The effectiveness of the incident response process heavily relies on having comprehensive visibility into the affected hosts. If the BSC Agent is not installed on these hosts, it creates a significant gap in Blueshift’s ability to promptly and accurately assess the incident.
4. Actualizing Event Scope: The Parties agree that the process of concretely defining and understanding the extent, boundaries, and details of a cybersecurity event or Event actualizes the Event scope. This scope involves moving from a conceptual or potential understanding of the event or Event to a practical and real-world assessment. This may include identifying the potential of affected systems, determining the methods and tactics employed by attackers, and comprehending the overall impact on the organization’s cybersecurity landscape. The practical implementation or realization of the event/Event’s scope is based on the information gathered and analyzed during the event/Event analysis process.
5. SOC Manager Role: The SOC Manager will make reasonable commercial efforts to share the initial findings with the Client within the timeframe specified in the SOC Services Response Times Table. A follow-up meeting will be scheduled to discuss the impact and scope of the event/Event if needed or requested.
6. Executive Reporting: Blueshift will make reasonable commercial efforts to create executive reports summarizing the results of specified timetables and/or detected events, including summary, number of events, network and host volatility, and network traffic overview.
7. Tuning and Categorization: The Blueshift SOC will make reasonable commercial efforts to tune and categorize each of the Client’s events, Events, alerts, and alarms to ensure they are appropriately prioritized for appropriate handling. This occurs as an initial bulk-refinement activity of reassigning priorities based on past events, alerts, and alarm data, then continuing to hone such each week via day-to-day interactions.
8. Response Time: The Parties agree that Event Response duration is defined as the elapsed time from initiating a triggered alert to the commencement of an investigation by a Blueshift SOC Analyst.
9. Investigation Time: The Parties agree that the investigation time commences when a Blueshift SOC Analyst begins investigating an alert, and that its conclusion may involve escalation to the Client (through ticket, phone call, or other mutually agreed upon notification), closure of the event/Event, or determination that the event/Event is a false positive.
10. SOC Response Times table: The Parties agree that Blueshift’s response time and investigation time, based on Blueshift’s reasonable commercial efforts, shall be defined in the table below:
Priority | Response Time | Investigation Time |
1 | 15 minutes | 30 minutes from notification |
2 | 30 minutes | 2 hours from notification |
3 | 1 hour | 8 hours from notification |
11. Client Responsibilities
a) The Client shall provide Blueshift with timely copies of configuration information, log files, intrusion detection events, and other necessary information for the investigation.
b) Client shall deploy in a timely manner additional BSC Agents, forensic tools, credentials, and initial or additional hardware deployment if needed.
c) Client shall manage collecting and disseminating information related to any event/Event with the Client’s technical and managerial personnel.
d) Client shall facilitate communications between the Blueshift SOC team and any third-party vendors the Client uses, including internet service providers and content-hosting firms.
e) Client assumes sole responsibility for the negative consequences that may arise for not promptly and adequately implementing Blueshift recommendations.
f) Client agrees to fully cooperate with Blueshift’s requests during the provision of SOC Response Services and assume responsibility for data content, security, and access controls.
12. Contractors/Subcontractors: Blueshift may engage with contractors/subcontractors from its information security partnerships.
13. Assurances: Blueshift makes reasonable commercial efforts regarding the provision of professional SOC Response Services per this SSLA. Blueshift expressly DOES NOT warrant or guarantee the identification of all threats, events, Events, the resolution of every Incident or identified threat, error-free threat classification, correct incident prioritization, successful removal or resolution of threats, desired outcomes of SOC Response Services, satisfactory threat response, or threat hunting. By subscribing to SOC Services, the Client acknowledges the disclaimers regarding Blueshift’s provision of incident response services. Blueshift provides SOC Services “as is” without express or implied warranties, including but not limited to merchantability, fitness for a particular purpose, accuracy, non-infringement, or any arising by law, statute, trade usage, or course of dealing.
14. Limitation of Liability: In no event will either Party be liable to the other or any third party for loss of profits, loss of use, loss of data or information, loss of revenue, loss of goodwill, business interruption, or any indirect, special, incidental, exemplary, punitive, or consequential damages, whether in contract, tort, strict liability, or otherwise, even if the Party is aware of the possibility of such damages. This limitation applies even if any specific remedy in this SSLA is deemed to have failed its essential purpose.
15. Terms and Termination: The term of this SSLA commences on the date of SOC Services purchased as indicated above and continues for the duration of the SSLA. In the event of termination of the Blueshift Terms, this SSLA will also terminate.
16. General Provisions: Entire Agreement: This SSLA, along with the Blueshift Terms, constitutes the entire agreement between the Parties, supersedes all prior or contemporaneous agreements, and prevails over any conflicting terms in the Blueshift Terms concerning SOC Response Services.
17. Independent Contractors: The Parties are independent contractors, and neither Party is an agent, franchisor, franchisee, employee, representative, owner, or partner of the other. The relationship is one of independent contractors, and neither Party has the authority to assume obligations or make representations on behalf of the other.
18. Governing Law and Venue: This SSLA is governed by the laws of the State of Florida without regard to its conflict of law provisions. Any suits related to this SSLA and any addendums shall be filed in a state or federal court located in or nearest Lee County, Florida, USA. Before initiating legal action, the Parties must engage in good-faith mediation in the same venue described above. Except for actions required to protect or enforce a Party’s Intellectual Property Rights, the prevailing Party in any legal proceeding is entitled to reasonable attorneys’ fees and costs.