All Covered will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.
We will monitor and report on the following Active Directory accounts:
All Covered will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:
All Covered will proactively monitor Windows Active Directory, installed software, and installed patches to provide change control auditing. These events will be monitored to provide audit trails for user account change controls. Monitoring these types of events will enable Client to better detect suspicious behavior and intrusion attempts and enforce accountability of administrators.
We will monitor and report on the following Active Directory accounts:
All Covered will monitor security events for suspicious behavior based on expert security analytics to provide Client with security event alerts. The following security alerting measures will be implemented:
All Covered will provide Client’s management team with actionable event tickets and event reports so that Client may better monitor and track Active Directory security events.
– REAL-TIME ACTIONABLE SERVICE TICKETS
Real-time actionable service tickets are generated for Security Event Alerting. Each ticket documents the event and provides descriptive details. All service tickets are securely accessible via the All Covered ticketing portal.
– WEEKLY DETAILED REPORTS FOR CHANGE CONTROL AUDITING AND SECURITY EVENT AUDITING
All Covered will provide weekly reports consisting of all logged security events from the previous week. The following data will be provided:
Device: The device that recorded the event
User Name: The user(s) involved in the action (if applicable)
Event Time: The time the event occurred
– TOTAL SECURITY EVENTS BY REPORTING IP ADDRESS
A report of the total security events by IP address is issued monthly and provides Client with a report on all security events.
– SECURITY EVENT LOG RETENTION
Raw data logs will be retained for twelve (12) months. Reporting data will be maintained for three (3) years or in accordance with State-mandated retention requirements.
Enhanced Security Services Warranty
(a) All Covered warrants that all Enhanced Security Services shall be performed in substantially in accordance with the applicable Statement of Work. All Covered’s entire liability for a warranty claim, and Client’s sole and exclusive remedy under this warranty, will be limited to a refund of the service fees paid by Client for the Enhanced Security Services Warranty in the month in which the event giving rise to the warranty claim first occurred. All Covered shall have no obligation with respect to a warranty claim (i) if notified of such claim more than five (5) days after the first occurrence of the event giving rise to the claim or (ii) if the claim is the result of third-party hardware or software failures, or the actions of Client or a third party.
(b) THIS IS THE ONLY WARRANTY MADE BY ALL COVERED REGARDING THE SIEM SERVICES. ALL COVERED HEREBY DISCLAIMS ALL OTHER WARRANTIES, CONDITIONS OR UNDERTAKINGS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. ALL COVERED MAKES NO WARRANTY, REPRESENTATION, OR GUARANTEE THAT THE ENHANCED SECURITY SERVICES WILL BE UNINTERRUPTED, ERROR-FREE OR FAIL-SAFE. ALL COVERED SPECIFICALLY DISCLAIMS ANY WARRANTY, REPRESENTATION OR GUARANTEE THAT THE SIEM SERVICES WILL MEET CLIENT’S REQUIREMENTS OR PROTECT AGAINST ANY SECURITY THREATS.
USA
Global
