Salem Threat Notifications to MDR

How does Salem work for customers with MDRs?

For customers that have MDRs, Salem seamlessly integrates into the workflow process. In a typical interaction, Salem creates threat notifications and sends them to a group chat with the client, their MDR IR analyst and Salem where all parties directly collaborate on active Tier 3 IR investigations.

When a threat is escalated, an MDR IR analyst acknowledges the notification, assigns the case to themselves and removes the alert from the SOC queue. The MDR IR analyst will then perform the initial analysis, respond to the threat, and update the client on the status of the investigation.

[insert workflow diagram]

add link to RBAC

PreviousUser Preference NextConfigure & Manage

Last updated 1 month ago