Security Operations Center
Multi-tier SOC operations with MITRE ATT&CK-mapped detection, behavioral analytics, and dedicated analyst teams providing follow-the-sun coverage.
A SOC Built for the Modern Threat Landscape
Dalwax operates four geographically distributed SOC facilities providing true 24/7 follow-the-sun coverage. Our analysts don't just monitor dashboards — they actively hunt for threats using hypothesis-driven methodologies aligned to MITRE ATT&CK, the Diamond Model, and Kill Chain frameworks.
Our Tier 1 analysts handle initial triage and automated alert processing. Tier 2 analysts perform deep investigation, threat correlation, and incident analysis. Tier 3 analysts — our threat hunters and malware reverse engineers — proactively search for advanced persistent threats that evade automated detection.
SOC Tier Structure
Tier 1: Alert Triage & Monitoring
Automated alert enrichment, IOC lookup, initial classification, and escalation. AI-assisted triage handles 85% of alerts autonomously.
Tier 2: Investigation & Analysis
Deep-dive investigation, threat correlation across data sources, impact assessment, and containment recommendations.
Tier 3: Threat Hunting & Forensics
Proactive hunting, malware reverse engineering, APT tracking, and detection engineering for novel TTPs.
SOC Technology Stack
SIEM/SOAR: Splunk, Microsoft Sentinel, Chronicle, custom SOAR playbooks
EDR/XDR: CrowdStrike Falcon, Microsoft Defender, SentinelOne, Cortex XDR
Threat Intel: MISP, OpenCTI, Recorded Future, Mandiant, custom feeds
Automation: Palo Alto XSOAR, Tines, custom Python orchestration