Appendix A: Points of contact - AWS Security Incident Response User Guide

Appendix A: Points of contact

Providing your metadata upfront to our Security Incident Response engineers can help accelerate profile creation and improve confidence in our triaging technology from the start. This helps reduce the initial false positives identified when we begin to ingest your threat findings and create your "known good world."

IR and SOC Personnel Contact Information
| Entry | IR \| SOC Personnel: Role, Name, Email | Primary, Secondary Escalation Contacts | Internal, Known CIDR Ranges | External, Known CIDR Ranges | Additional Cloud Service Providers | Working AWS Regions | DNS Server IPs (if other than Amazon Route 53 Resolver) | VPN \| Remote Access Solutions and IPs | Critical Application Names \| Account Numbers | Uncommon Ports Commonly Used | EDR \| AV \| Vulnerability Management Tools Used | IDP \| Locations |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | SOC Commander, John Smith, jsmith@example.com | Primary | 10.0.0.0/16 | 5.5.60.0/20 (Azure) | Azure | us-east-1, us-east-2 | N/A | Direct Connect, Public VIF 116.32.8.7 | Nginx Webserver (Example Critical) \| 1234567890 | 8080 | CrowdStrike Falcon | Entra, Azure |