Customer verification requests
A customer verification request is a request from the Security Operations Center (SOC) team asking the customer to confirm whether the observed activity is expected or unusual. If the customer marks the behavior as unusual, the SOC team responds with appropriate action. This collaborative process enables SOC analysts and customers to identify and address potential security threats more effectively.
To access the Verification Requests page, go to the Customer Tasks section in the left-side menu of the MDR Portal. This page displays all customer verification requests received by your company, with the following information for each request:
ID: The unique ID assigned to each verification request
Priority: The priority level of each verification request
The priority levels are:
Critical: An attacker might actively be performing malicious activity on a customer's device. The customer has only 30 minutes to respond to the request from when it was created.
High: A vulnerability may have been exploited or malware installed. The customer has only 2 hours to respond to the request from its creation.
Medium: An activity, if left unchecked, could likely lead to an incident. The response deadline for the customer is 3 days from when the request is created.
Low: An activity might expose the customer to vulnerabilities. This type of request requires a response within 7 days.
Created on: The date and hour when each customer verification request was created by the SOC team
Deadline to respond: Various information about each customer verification request: its deadline, whether or not the customer responded to it, and whether or not the SOC team executed an action in response to it
The Deadline to respond can have the following values:
Responded: The customer has responded to the verification request.
Expired: The request deadline expired with no response from the customer.
Actioned: The SOC team has taken an action in the customer environment related to the verification request.
No action: The SOC team has not performed an action related to the verification request in the customer environment.
X days/hours/minutes remaining: The deadline for the request has not yet expired and the customer has not yet responded.
Status: The current status of each customer verification request
The Status can have one of the following values:
New: The customer has received the verification request but has not yet opened it to view the details.
Open: The customer has reviewed the request in detail but has not yet provided a response.
Normal behavior: The customer responded to the verification request, confirming normal behavior.
Unexpected behavior: The customer responded to the verification request, confirming unexpected behavior.
Note
All customer verification requests labeled as Responded have the status of either Normal behavior or Unexpected behavior.
Source: The ID of the investigation that resulted in each specific customer verification request
Summary: Brief description of the unusual behavior observed by the SOC team
Note
You can find the total number of verification requests awaiting a response, marked with the status New or Open, by checking the counter in the left-side menu next to the Verification Requests section in the MDR Portal.
Responding to new customer verification requests
To assist SOC analysts in providing the best recommendations or taking the most appropriate actions to protect your company, it is important to respond to your customer verification requests before the deadline passes.
To respond to a new customer verification request:
Go to the Verification Requests page in the Bitdefender MDR Portal.
Click the ID of the new customer verification request. A panel is displayed on the right side of the page.
Carefully read the details and description of the verification request.
If the source of the customer verification request has a link, click it to open the Investigations page and view details about the linked investigation.
Click the option that corresponds to your case: NORMAL BEHAVIOR or UNEXPECTED BEHAVIOR. A confirmation window is displayed.
If you find it useful, provide our analysts with more details about the observed behavior.
Click YES. A green banner notifies you that the status of the verification request has been updated successfully.
Following your response to the request, the SOC team will take appropriate actions to ensure your security.
Tracking the actions taken post-request response
In light of your verification request response, the SOC team will take proper action to support your security. To view the details of the action taken by the SOC analysts in response to a particular customer verification request:
Click the ID of the customer verification request. A panel is displayed on the right side of the page.
If the Response action field is visible, click the action ID link. You will be redirected to the Response Actions page automatically.
Click the action number link on the left side of the page. A new panel is displayed.
You can now learn more about the SOC team's latest response action.
Important
If you do not respond to a customer verification request in due time, the SOC analysts will take any actions considered beneficial to your security. You can still respond to a request after its deadline has expired, and your response will be taken into account.
Analysts may also provide one or more recommendations. To access them, go to the Recommendations page under the Customer Tasks section.