Fortis Business Email Compromise Incident Response Jumpstart

Fortis by Sentinel will provide Incident Response resources to perform services related to the incident remotely or begin deploying on-site within 24 hours upon receipt of written request (barring travel restrictions). The Incident Response resources will work with the customer to perform the following services promise Incident Response Services for Microsoft Azure Services are subject to applicable technology fees on an as-needed basis: • Provide actionable guidance to quarantine or isolate active threats and/or threat actors. • Perform a global review of the email tenant to identify potential unwanted activity, including: - Rule Creation, Update, Modification - Update User Events - Impossible Travel Scenarios - Unusual Login Patterns - Unusual Device Types - Unusual Access Methods • Status reporting, including (upon request) a forensics findings report. • Perform a forensics analysis on mailbox-level artifacts on customer identified accounts of interest to identify unwanted activity, including: - Rule Creation, Update, Modification - Update User Events - Messages Sent - Data Accessed (Mailbox, SharePoint, OneDrive, and Microsoft Teams) • Sandbox analysis of malware, scripts, and files as deemed necessary by Fortis by Sentinel. SLA/Deliverables Business Email Compromise Incident Response Service Level Agreement (SLA) Customer acknowledges that, due to the often complex and unpredictable nature of security incidents, there is no guarantee that Fortis by Sentinel will be able to provide root cause, scope, and/or impact and agrees to hold Sentinel Technologies, Inc. blameless from any damages that result from its handling of any such Incident, besides damages arising from any willful misconduct. Business Email Compromise Incident Response Deliverables The following Deliverables may be produced during this engagement, as requested: • Milestone Based Status Reporting. Regular status reporting that summarizes the activities
completed, critical issues, remediation guidance, and findings. Status reporting will be provided via virtual meetings (e.g., Webex or Microsoft Teams) and will be limited, where required, to parties under privilege. • Event/Activity Timeline. Fortis by Sentinel will provide an Event/Activity timeline of the unwanted activities taken within the mailbox for the account(s) of interest. • Forensics Report. Upon request, Fortis by Sentinel will provide a Forensics Report summarizing the unwanted activities taken and identified data access, modification, or exfiltration.