CyberSOC for insider threats
L1: hybrid service covering internal and external threats. It protects against threats directed at the entity on the Internet and Deep/Dark Web (phishing, online fraud, identity theft, etc.) and reviews and analyzes the events generated by the SIEM, SOAR, XDR, etc. tools that make up the internal network protection suite.
L2: analysis of events generated at L1 that require a higher level of expertise than L1 but do not require the intervention of an advanced L3 analyst.
L3: assessment and corrective actions, crisis and critical event management, forensic analysis.