
MDR Feature Matrix

Armor’s XDR+SOC solution combines cloud-native detection and automated response capabilities with our 24/7 team of cybersecurity experts and our comprehensive, AI-enabled threat hunting and alerting library to deliver critical security outcomes. This document details the product topology of Armor’s XDR+SOC solution and lists the components included with each SKU and bundle.


Basic Subscription Tier

Out-of-the-box essentials for gaining comprehensive responsive security coverage and incident management and response.

XDR Basic Subscription (SKU: XDR-BASIC-SUBSCRIPTION)

Subscription for XDR services including basic configuration and access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
| --- | --- | --- |
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |

SOC Basic Subscription (SKU: SOC-BASIC-SUBSCRIPTION)

Subscription for SOC services including incident management and response.

| Component | Description | Included Quantity |
| --- | --- | --- |
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |

Professional Subscription Tier

Everything from the Basic plan, plus custom rules and SOAR integration with access to additional commercial threat intelligence feeds.

XDR Professional Subscription (SKU: XDR-PRO-SUBSCRIPTION)

Subscription for XDR services including continuous configuration, tuning and management, as well as access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
| --- | --- | --- |
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Commercial Threat Intelligence Feeds | Updates to and curation of commercial threat feeds in the threat-intel repository and related tooling. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |
| Custom SIEM Rule Development | Design, testing, and implementation of custom rules. | 6 |
| Custom SOAR Playbook Development | Design, development, and implementation of a custom SOAR playbook (including integration with third-party solutions). | 2 |
| Custom Workbook and Dashboard Development | Design, development, and implementation of a custom dashboard and any required custom workbooks. | 1 |

SOC Professional Subscription (SKU: SOC-PRO-SUBSCRIPTION)

Subscription for SOC services including incident management, response, and remediation guidance with orchestration automation assistance.

| Component | Description | Included Quantity |
| --- | --- | --- |
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Incident Response | Creation of a plan for mitigation, containment, remediation, and recovery; and the facilitation of that plan in coordination with the customer. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |
| Threat Hunting | Design and conduct a threat hunting campaign that searches for specific indicators or patterns. | Included |

Monthly SIEM Volume (SKU: SOC-PRO-SIEM-VOLUME)

The total monthly volume of log messages and events being submitted to the SIEM for analysis.

| Component | Description | Included Quantity |
| --- | --- | --- |
| Daily SIEM Volume (Professional) | The total daily volume of log messages and events being submitted to the SIEM for analysis. | Consumption |

Enterprise Subscription Tier

Everything from the Professional plan, plus analyst-supported tuning with a fully-custom threat intelligence feed and advanced forensics.

XDR Enterprise Subscription (SKU: XDR-ENTERPRISE-SUBSCRIPTION)

Subscription for XDR services including continuous configuration, analyst-supported tuning and management, as well as access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
| --- | --- | --- |
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Commercial Threat Intelligence Feeds | Updates to and curation of commercial threat feeds in the threat-intel repository and related tooling. | Included |
| Customer Threat Intelligence Programme | Integration with a custom, third-party threat intelligence programme. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |
| Custom SIEM Rule Development | Design, testing, and implementation of custom rules. | 12 |
| Custom SOAR Playbook Development | Design, development, and implementation of a custom SOAR playbook (including integration with third-party solutions). | 4 |
| Custom Workbook and Dashboard Development | Design, development, and implementation of a custom dashboard and any required custom workbooks. | 2 |

SOC Enterprise Subscription (SKU: SOC-ENTERPRISE-SUBSCRIPTION)

Subscription for SOC services including incident management, response, remediation guidance with orchestration automation assistance, and advanced forensic investigations.

| Component | Description | Included Quantity |
| --- | --- | --- |
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Incident Response | Creation of a plan for mitigation, containment, remediation, and recovery; and the facilitation of that plan in coordination with the customer. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |
| Threat Hunting | Design and conduct a threat hunting campaign that searches for specific indicators or patterns. | Included |
| Forensic Investigation | Conduct a Root Cause Investigation (RCI) and provide a Root Cause Analysis (RCA) for a given incident. | Included |

Monthly SIEM Volume (SKU: SOC-ENTERPRISE-SIEM-VOLUME)

The total monthly volume of log messages and events being submitted to the SIEM for analysis.

| Component | Description | Included Quantity |
| --- | --- | --- |
| Daily SIEM Volume (Enterprise) | The total daily volume of log messages and events being submitted to the SIEM for analysis. | Consumption |

Additional Information

Consumption Billing

Note that Services in the tables above with an Included Quantity labelled “Consumption” are usage-based SKUs and the amounts billed for these items will vary based on the amount you “use” or “consume”. Quantities of these items paid in advance qualify for the applicable term discount. Any overages will be billed in arrears at the non-discounted price listed on your service order.

Included Items

Quantities of Services in the tables above where the Included Quantity is labelled “Included” should be interpreted to include reasonable usage of the Services which should, without limitation, be within the guidelines and constraints defined in the Acceptable Use Policy and at the sole discretion of Armor. If you fail to observe these limitations, Armor may charge additional fees or terminate your Services.
