Onboarding support service

# Onboarding support service

As part of the onboarding process to the WA SOC agencies are offered additional support free of cost as listed in the flowing services:

<br/>

## Onboarding Assessment
The Onboarding Assessment is the first assessment after the MOU is signed and the onboarding scripts have been employed. This includes evaluation of the agency's logging quality and coverage, as well as the Sentinel SIEM implementation addressing the data connectors, activated rules and recommendations for uplift.

### Method 
- Gather information related to the logging posture of an agency as per the Baseline for Event Ingestion model. This includes: 
  - On premise server and workstation infrastructure
  - On premise security controls
  - Cloud environments for both infrastructure and services
- Perform assessment on logging quality and overall environmental coverage
- Create coverage heatmaps as a visual guide to aid prioritisation
- For any quality or coverage issues provide tailored guidance on remediation
- Repeat process from beginning in order to provide metrics on the improvements made.

<br/>

## Posture Assessment 
Posture assessments are an active engagement to identify detection gaps on common attack paths and misconfigured components. 

### Method 
- Meet with key stakeholders to demonstrate the assessment and understand about any existing issues. 
- Gather information related to services commonly leveraged by attackers within an environment
- Perform assessment on data for the following;
  - Commonly exploited attack paths
  - Commonly misconfigured items
- Implement detections that require agencies to perform configuration such as the creation of accounts used solely to detect malicious activity.
- Repeat process from the information gathering phase and present updated findings.