SOC as a Service - Artic Wolf

lwhite81lwhite81 Member Posts: 26 ■■■□□□□□□□
I've just adopted an Artic Wolf system in a new role.  Does anyone have any experience using or have any best practices to share?  There is a lot of information available.  Want to get a laser focus and determine what is best to focus.


  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    Never heard of it.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • chrisonechrisone Senior Member Member Posts: 2,141 ■■■■■■■■■□
    I spoke to them last year. They were heavily considered by my employer. I believe they use the SUMO SIEM. Most of your questions will be answered by them but they are your MSSP from what it sounds like. Start figuering out what kinds of dashboards, alerts, data you want to see or be alerted on by them. They manage endpoints as well, do you have those services with them? Do a weekly or bi-weekly call with them and they will help you setup anything you desire. 

    Think of them as the extended smart guys of your team who will stop what they are doing to assist you. Get familiar with them don't be afraid to ask them things about their current day or where they are from, open up a dialog.

    Sorry I dont have any client customer experience with them only a few conference calls based on MSSP services we were looking at. 
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
Sign In or Register to comment.