MDR Feature Matrix

Armor’s XDR+SOC solution combines cloud-native detection and automated response capabilities with our 24/7 team of cybersecurity experts and our comprehensive, AI-enabled threat hunting and alerting library to deliver critical security outcomes. This document details the product topology of Armor’s XDR+SOC solution and lists the components included with each SKU and bundle.


Basic Subscription Tier

Out-of-the-box essentials for gaining comprehensive responsive security coverage and incident management and response.

XDR Basic Subscription (SKU: XDR-BASIC-SUBSCRIPTION)

Subscription for XDR services including basic configuration and access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
|---|---|---|
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |

SOC Basic Subscription (SKU: SOC-BASIC-SUBSCRIPTION)

Subscription for SOC services including incident management and response.

| Component | Description | Included Quantity |
|---|---|---|
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |


Professional Subscription Tier

Everything from the Basic plan, plus custom rules and SOAR integration with access to additional commercial threat intelligence feeds.

XDR Professional Subscription (SKU: XDR-PRO-SUBSCRIPTION)

Subscription for XDR services including continuous configuration, tuning and management, as well as access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
|---|---|---|
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Commercial Threat Intelligence Feeds | Updates to and curation of commercial threat feeds in the threat-intel repository and related tooling. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |
| Custom SIEM Rule Development | Design, testing, and implementation of custom rules. | 6 |
| Custom SOAR Playbook Development | Design, development, and implementation of a custom SOAR playbook (including integration with third-party solutions). | 2 |
| Custom Workbook and Dashboard Development | Design, development, and implementation of a custom dashboard and any required custom workbooks. | 1 |

SOC Professional Subscription (SKU: SOC-PRO-SUBSCRIPTION)

Subscription for SOC services including incident management, response, and remediation guidance with orchestration automation assistance.

| Component | Description | Included Quantity |
|---|---|---|
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Incident Response | Creation of a plan for mitigation, containment, remediation, and recovery; and the facilitation of that plan in coordination with the customer. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |
| Threat Hunting | Design and conduct a threat hunting campaign that searches for specific indicators or patterns. | Included |

Monthly SIEM Volume (SKU: SOC-PRO-SIEM-VOLUME)

The total monthly volume of log messages and events being submitted to the SIEM for analysis.

| Component | Description | Included Quantity |
|---|---|---|
| Daily SIEM Volume (Professional) | The total daily volume of log messages and events being submitted to the SIEM for analysis. | Consumption |


Enterprise Subscription Tier

Everything from the Professional plan, plus analyst-supported tuning with a fully-custom threat intelligence feed and advanced forensics.

XDR Enterprise Subscription (SKU: XDR-ENTERPRISE-SUBSCRIPTION)

Subscription for XDR services including continuous configuration, analyst-supported tuning and management, as well as access to the underlying infrastructure-as-code modules and resources.

| Component | Description | Included Quantity |
|---|---|---|
| XDR Onboarding & Deployment | Onboarding costs across all XDR engagement types (including POV/POCs). | Included |
| SIEM Rule Library Subscription | Updates to and curation of the siem-rule-library repository and related tooling. | Included |
| Infrastructure-as-Code Library Subscription | Updates to infrastructure-modules-customer and infrastructure-live-customer. | Included |
| Open Source Threat Intelligence Feeds | Updates to and curation of open-source threat feeds in the threat-intel repository and related tooling. | Included |
| Commercial Threat Intelligence Feeds | Updates to and curation of commercial threat feeds in the threat-intel repository and related tooling. | Included |
| Customer Threat Intelligence Programme | Integration with a custom, third-party threat intelligence programme. | Included |
| Basic Data Enrichment | Updates to and curation of enrichment data sources and deployment jobs. | Included |
| Basic SOAR Playbook Library | Updates to the basic SOAR playbooks that forward events to Quantum's webhook and any related chat channels. | Included |
| Basic Dashboards & Reporting | Updates to the out-of-the-box dashboards included with the basic solution. | Included |
| Custom SIEM Rule Development | Design, testing, and implementation of custom rules. | 12 |
| Custom SOAR Playbook Development | Design, development, and implementation of a custom SOAR playbook (including integration with third-party solutions). | 4 |
| Custom Workbook and Dashboard Development | Design, development, and implementation of a custom dashboard and any required custom workbooks. | 2 |

SOC Enterprise Subscription (SKU: SOC-ENTERPRISE-SUBSCRIPTION)

Subscription for SOC services including incident management, response, remediation guidance with orchestration automation assistance, and advanced forensic investigations.

| Component | Description | Included Quantity |
|---|---|---|
| SIEM Alert Review | Periodic review of alerts to check for incidents that may not have been caught by correlation or detection rules. | Included |
| Incident Triage | Verify incoming incidents as true positives; initiate incident response as needed. | Included |
| Incident Response | Creation of a plan for mitigation, containment, remediation, and recovery; and the facilitation of that plan in coordination with the customer. | Included |
| Threat and Vulnerability Analysis | Investigate how an emergent threat applies to a given customer and how they might be affected by the threat. Provide proactive guidance on containment and mitigation strategies. | Included |
| Threat Hunting | Design and conduct a threat hunting campaign that searches for specific indicators or patterns. | Included |
| Forensic Investigation | Conduct a Root Cause Investigation (RCI) and provide a Root Cause Analysis (RCA) for a given incident. | Included |

Monthly SIEM Volume (SKU: SOC-ENTERPRISE-SIEM-VOLUME)

The total monthly volume of log messages and events being submitted to the SIEM for analysis.

| Component | Description | Included Quantity |
|---|---|---|
| Daily SIEM Volume (Enterprise) | The total daily volume of log messages and events being submitted to the SIEM for analysis. | Consumption |


Additional Information

Consumption Billing

Note that Services in the tables above with an Included Quantity labelled “Consumption” are usage-based SKUs, and the amounts billed for these items will vary based on the amount you “use” or “consume”. Quantities of these items paid in advance qualify for the applicable term discount. Any overages will be billed in arrears at the non-discounted price listed on your service order.

Included Items

Quantities of Services in the tables above where the Included Quantity is labelled “Included” should be interpreted to include reasonable usage of the Services, which should, without limitation, be within the guidelines and constraints defined in the Acceptable Use Policy and at the sole discretion of Armor. If you fail to observe these limitations, Armor may charge additional fees or terminate your Services.