¶ Welcome to SOC.OS
Welcome to the SOC.OS on-boarding process, we’re really excited to have you signed up, and look forward to helping you streamline managing your SOC operations going forward.
You will already have access to your SOC.OS environment, but before we can start to show you the benefit of SOC.OS, there’s a number of actions we’ll need to step through.
We’ve made configuring your security tools to forward alerts to the SOC.OS platform as simple as possible, and we’ll be there to support you every step of the way. For most of the SOC.OS community, this setup can be completed in approximately 3 hours; consisting of some initial preparation steps and followed by an on-boarding session with us.
In addition to being able to contact us with any questions you might have, you can also check out our documentation here on the SOC.OS Wiki where you will find a number of step-by-step guides to help you get set up.
Your welcome environment will be available for you for 10 days from signing, after which it will be persisted for ongoing use in your trial and beyond. Please see below for the steps to get you live.
-
Prepare for, and install, the SOC.OS Agent (for on-premise tools over syslog)
a. Prepare a (virtual) machine (Requirements)
b. Download customer specific configuration and temporary credentials (provided directly)
c. Download and install the SOC.OS Agent (Install instructions) - This can be completed on the on-boarding call. -
Prepare your tools for integration (Guidance for all tools)
a. Configure on-premise tools to forward over syslog to the agent (see Step 1)
b. Configure cloud tools for 3rd-party access -
Login to SOC.OS
a. SOC.OS UI can be accessed at https://uk.socos.io/ (or appropriate geographic instance)
b. An Initial user will already have been created for you, and you can request a password reset on first access (you will also require an MFA device or application to complete user registration) (instructions) - Please reach out to support@socos.io if you do not have details of your user -
Provide us with configuration details (please see Mutual Action Plan provided to you directly to submit these to us)
a. Provide credentials for cloud tools
b. Provide details of the agent machine configuration (including OS, ports, and IP address)
c. Provide details of any required additional users
d. Review and confirm tools required, or any further requirements we can assist with
e. Provide details of internal identifiers for your environment -
Book an initial on-boarding session, to confirm all requirements are complete, assist with integrations and provide basic introductory training
a. Visit https://meetings.hubspot.com/vince-murray/socosonboarding
b. We’ll be happy to send you a virtual coffee! -
Go-live (This usually takes place a day or two after step 5; this gives the SOC.OS team time to map any new source systems and ensure the data is being processed correctly)
a. You’ll receive an email confirming your go-live, at which point, you’ll have unrestricted access to the environment and your trial period will commence
Once the above steps are complete, we’ll be excited for you to begin your free trial period. At the conclusion of the trial, we will provide you with a report summarising the key benefits we’ve delivered and hope to continue to deliver.
If at any point you need further assistance, please reach out to us via support@socos.io
¶ First log in to SOC.OS
On first log in to SOC.OS via the provided link, you will be greeted with our login screen.
You should enter your username, and click "Don't remember your password?" - you will receive an email asking you to verify your email address.
Following confirmation of your email, you will be presented with a QR code to scan and enrol in MultiFactor Authentication (MFA). You will need Google Authenticator app (available via Google Play or Apple App store) or similar for MFA.
You should also keep note of the MFA recovery codes provided.
All future logins can be secured via MFA, or solely when logging in from a new browser. You will be presented with the following screen asking for your MFA code
If you experience any issues with login or the MFA process, please don't hesitate to contact us via support@socos.io