Some detections may require deeper analysis and guidance from specialized cyber security experts. If you cannot resolve an incident after your own analysis, you can elevate the incident to F-Secure for help in resolving the Broad Context Detection and for instructions on how to respond to it.
You can elevate an incident to F-Secure when you need help resolving a Broad Context Detection. Upon request, F-Secure’s threat analysts investigate the methods and technologies, network routes, traffic origins, and timelines of the Broad Context Detection to identify the type of incident, provide collected evidence, and offer further expert guidance.
The elevation is split into two phases: threat validation and threat investigation.
Threat validation
In the threat validation phase, F-Secure analysts determine whether the Broad Context Detection is a threat, a false positive, or suspicious. This phase is a quick validation only, not a complete investigation.
- If the incident is a known threat, you get guidance on how to respond to the threat.
- If the detection looks suspicious, you can either manage the incident independently or create an investigation request.
Threat investigation
In the threat investigation phase, F-Secure analysts analyze the Broad Context Detection completely and provide suggestions on how you should respond to it.