Monthly Service Report

Introduction

The monthly Service Report represents an aggregation of all the activity Field Effect MDR discovered within a month. It's meant to act as a single resource you can use for investigations and identifying gaps that may impact your organization's cyber security posture. 


The metrics in this report quantify the threats identified over the month and provide a broad analysis of different areas of your threat surface. Reports are available in the MDR Portal's Reports View, where you can read or download them.


To view a full sample report, see the attachment at the end of this article. 


These reports are unique to every organization, and you can see an example report below. The report is divided into the following sections:


This article outlines what to generally expect from each section of a monthly report, though it will vary per organization and month.

 

The Sections of a Monthly Service Report

The following sections of this article provide examples of each section included in the monthly Service Report.


Title & Health Check

The title page of the report provides a summary health check for your organization.

  

The logic for this health check label is based on the presence of unresolved AROs. If any AROs remain unresolved at the time the report is generated, the health check will be set to "at risk".



Introduction

This section contains general information about the report, the intended audience, how to use the report, and contact information if you need help or are experiencing an emergency incident.



Your Field Effect Service

This section provides a summary of Field Effect’s active features and services in your environment. In the example below, all services are enabled except for cloud monitoring.


 

Your Network

This section reports on observed devices and the most resolved domains throughout the month.




Monitoring Threats to Your Environment

This section reviews all relevant events observed over the month and provides key insights from our analysts. 



Your Network

This section tallies the number of network-related security events for the month, along with any applicable insights from our analysts.



Threat Intelligence

If malicious systems, domains, botnets, ransomware operators and other Indicators of Compromise (IOCs) are discovered within your network, they will be included in this section.



Threat Hunting

In addition to automated and machine-learning-driven analytics monitoring your network, the Field Effect Threat Hunting Team is continuously scouring your environment for emerging threats, signs of undiscovered threat actors and never-before-seen malware.



Beacon Detection

Field Effect monitors your network for devices emitting beacons, which are periodic communications from your network to systems on the internet. All beacon events from the month are tallied in this section. A map is also included to show the geographical location of detected beacons, along with their risk level.



Top Beacon Destinations

The most active beacons discovered on your network are included in this subsection as a chart.



Scan Detection

Online scanners are automated tools that seek to identify systems on the internet to gather information about them. These scanners have the potential to be malicious, and Field Effect monitors for suspicious scans. If any are found, they are included in this section of the monthly report.



Threat Surface Reduction

This section reviews all AROs issued within the period and contains helpful advice and remediation steps for each ARO.



External Network Information

This section contains knowledge about external systems, when relevant.



Resources & Industry Best Practices

This section contains external resources and knowledge recommended by our analysts for use when implementing cyber security measures and plans for your network.



