esLOG Services

Definitions

“Cloud Services” mean, collectively, cloud-based service offerings, including all services related to esLOG Services.

“Product Publisher” means the publisher of any third-party software utilized as part of the esLOG Services.

Services Description

esLOG is a service providing centralized log management, co-managed reporting and compliance, alerting, searching, and supplementary advanced protection against cyber-attacks targeting organizations (the “esLOG Services”). esLOG Services leverage a best-in-class, proven, cloud-native SIEM platform from Product Publisher with flexible signal ingestion for on-premise and cloud assets, combined with the eSentire Atlas platform. As a managed solution, esLOG Services provide the Client with accessible monitoring and reporting to meet regulatory requirements, while also delivering log data from network assets, endpoints, applications and cloud services to the SOC for MDR services.

esLOG Services provide enhanced visibility to the SOC for log and application data as part of eSentire MDR services. esLOG Services additionally provide Client with access to data analytics, forensic searches, rich visualizations and log retention to meet regulatory compliance controls.

esLOG Services Standard Capabilities and Service Modules:

  • Log Collection. esLOG Services accept log data from a wide variety of sources, including syslog, Windows Events, containers and cloud service providers. Log data is stored and indexed and available for ad-hoc queries to facilitate forensic analysis and additional functions such as compliance. Query capability may vary by data source or data type depending on service options.
  • Co-Managed Content. esLOG Services provide Client with ongoing access and support for its users to access their esLOG Server for the purpose of searching data, creating and sharing dashboards, as well as other functions within the Server. Capability in queries, dashboards and reports may vary by data source or data type depending on service options. eSentire will support Client in usage of the Server for the purposes of co-management through training and documentation, as well as direct support via email and telephone.
  • Log Retention and Archiving. Client Data is retained on the esLOG Server for a default period of 365 days. Client may request shorter retention periods for all or specific, identified log sources. Longer retention periods can be accommodated in special cases and will involve updated fees to accommodate hosting costs.
  • Alerting Escalation. Nominated collected log data may be subject to analysis by eSentire correlation rules, a continuously updating set of logic and intelligence for the purpose of creating alerts for SOC review. The set of eSentire rules will include industry best practices, the results of internal research and intelligence and suggestions made by Clients. Client can also create additional alerting from log events for direct notification to the Client as co-managed content. Specific data sources or data types are nominated to be eligible for continuous alerting.
  • SOC Alerting and Investigation. Investigations and alerts arising from threats are processed, enriched, executed and delivered to the SOC. eSentire uses the data from esLOG Services within the broader MDR Services, including investigations and threat hunts.

esLOG Essentials

If indicated in an Order Form, a selected subset of data collected for the esLOG Services (“esLOG Essentials”) may optionally be designated for a storage-only service option. Data nominated for this service tier is collected, stored and available for on-demand searching and threat hunting; however, the data is not system-analyzed for the purposes of real-time alerting. Data subject to the esLOG Essentials tier is generally data deemed out of scope for security or MDR services, or data or systems collected for compliance purposes only. Determination of eligibility and selection for the esLOG Essentials tier is mutually defined by the Client and eSentire using industry best practices and specific Client needs.

Provision and Hosting of the esLOG Server

eSentire will provide and support at least one (1) cloud-hosted esLOG Server, and additional servers where required for geographic availability (each, an “esLOG Server” or “Server”). Client requirements and architecture will dictate the number and location of required esLOG Server instances globally. The Server is a hosted instance of Product Publisher’s software used for the purposes of providing log collection, storage, querying and data analytics, and is a component of the larger esLOG Service.

esLOG Collectors

  • Installing. eSentire will provide installation software, supporting documentation, guides and support for installation of on-premise log collectors (“esLOG Collector” or “Collector(s)”) through the esLOG Server.
  • Deployment. Collectors will be installed by the Client with eSentire’s direct assistance during the onboarding period. Client will be responsible for ensuring that esLOG Collectors are not prevented from communicating with the applicable esLOG Server(s).

Maintenance and Support

eSentire shall provide support to Client for both security and system issues related to the esLOG Services. eSentire will be responsible for providing the configuration and other services and components.

Client Responsibilities

Client is responsible for:

  • working with eSentire staff to enumerate and define in scope log sources and the required service level for each;
  • granting access to required data and systems to configure log collection for esLOG Services including necessary licenses, permissions, consents, and tokens to enable eSentire to access Client’s network, servers, and Cloud Service providers in order to provide esLOG Services;
  • ensuring changes to logging applications or their collection are communicated to eSentire;
  • designating a Project Coordinator to work directly with and serve as the primary Client contact with eSentire for the duration of the esLOG Addendum;
  • installing on-premise log collectors to enable log collection for sources within Client’s network;
  • ensuring no firewall rules or other network blocking exists that would prevent the communication from log collectors to the esLOG Server;
  • its choice of equipment, systems, software, Cloud Service providers, and online content; and
  • providing the necessary resources, information, documentation and access to personnel, equipment and systems, as reasonably required by eSentire, to allow eSentire to perform the esLOG Services.

In the event Client fails to perform its obligations in the time and manner specified or contemplated above, or should any assumption set out herein with respect to the esLOG Services fail to be valid or accurate, then eSentire will not be responsible for any related delay or damages.