Bharat Devashi Luva
About Candidate
Education
Work & Experience
Working Summary:
➢ ArcSight product installation and configuration
➢ Device onboarding
➢ Threat intelligence integration
➢ Log monitoring of clients
➢ Incident reporting

Roles and responsibilities:
➢ ArcSight implementation for the clients as per agreed SOW.
➢ Installation of Event Broker, ArcMC, ESM, Logger, and Investigate at clients' sites.
➢ Device onboarding for supported devices in the SIEM tool.
➢ Writing flex connectors for devices not supported by ArcSight.
➢ Coordination with the principal vendor on issues related to the installed product.
Working Summary:
➢ Risk analysis and remediation
➢ Log analysis of Windows.
➢ Creation and implementation of policies
➢ Client system and server AV status monitoring.
➢ Log monitoring of clients
➢ Incident reporting.

Roles and responsibilities:
➢ Primary role as key member of the Risk Control Team. Work on the top infected systems for the last 24 hrs and the past 15 days.
➢ Daily monitoring of NTP and PTP logs of the systems. DC servers should not be infected; hence, work on infected DC servers and find the RCA for the infection. Follow up with the OEM on raised issues.
➢ Find the RCA for top infected systems.
➢ Creation of different policies as per the requirements of clients.
➢ Analyze the logs of client systems and find the RCA for client systems and servers not updating.
➢ Work on escalations related to infections in the environment.
➢ Analyze the logs of systems and servers for AV removal activity.
➢ Creation of rules and filters according to new threat patterns.
➢ Publish advisory reports for the clients.
➢ Clients' vulnerability assessment.
➢ Provide solutions for newly introduced threats in the market.
➢ Provide RCA to clients for infections that occurred in the network.
➢ Send alerts to clients for malicious activities performed in the network.
➢ Daily report generation, manual as well as automated.