
Onboarding Procedure for SOCaaS/MDRaaS
1. Executive Summary
Terraeagle focuses on comprehensive monitoring and defense against cyber-attacks by installing
agents on target systems to pull logs. Key aspects of our approach include:

1. Agent Installation: We deploy agents on target systems to pull logs, enabling thorough
monitoring of all devices.
2. Real-time Log Analysis: Our system analyzes logs in real-time, generating alerts for
suspicious activities or potential threats.
3. Proactive Defense: We employ proactive measures to defend against cyber-attacks,
leveraging advanced threat intelligence and mitigation techniques.
4. Client Notification: Our alerting system ensures timely notification to clients, enabling
them to take immediate action to protect their systems.
5. Continuous Monitoring: We maintain continuous monitoring to detect and respond to
evolving cyber threats effectively.

By implementing these strategies, Terraeagle strengthens its clients' cybersecurity posture,
providing them with robust protection against a wide range of cyber threats.

Terraeagle will provide the required support throughout the process to ensure a smooth
implementation.

2. Log Source Identification


1. Collect a comprehensive inventory of all potential log sources within your organization.
2. Categorize log sources based on their type (e.g., firewalls, servers, applications, etc.).
3. Determine the number of assets associated with each log source that will be included in
the Proof of Concept (POC), broken down by operating system (e.g., Mac, Linux and Windows).
4. Also specify the number of servers, firewalls and endpoints to be included as part of the
POC.
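The following script is an added example (not part of Terraeagle's onboarding material) showing how the inventory steps above can be turned into the POC sizing figures: it parses an asset inventory, rejects rows with an unknown category, and counts the in-scope assets per category and per operating system. The CSV columns (hostname, category, os, in_poc) and the sample rows are constructed for this example.

```python
"""POC scoping helper: count log sources by category and operating system.

Added example, not Terraeagle's tooling. Column names and the sample rows
below are constructed assumptions; adapt them to the real inventory export.
"""
import csv
import io
from collections import Counter

# Constructed sample inventory (hypothetical hosts); the column layout is an
# assumption of this example.
SAMPLE_INVENTORY = """\
hostname,category,os,in_poc
fw-edge-01,firewall,PAN-OS,yes
srv-dc-01,server,Windows,yes
srv-web-01,server,Linux,yes
srv-db-01,server,Linux,no
wks-fin-01,endpoint,Windows,yes
wks-dev-01,endpoint,macOS,yes
wks-dev-02,endpoint,Linux,yes
app-crm,application,n/a,yes
"""

# Categories from step 2 of the procedure; anything else is flagged so it is
# classified explicitly instead of silently dropped from the count.
KNOWN_CATEGORIES = {"firewall", "server", "endpoint", "application"}


def load_inventory(csv_text):
    """Parse the inventory text and validate each row; returns a list of dicts."""
    rows = []
    # Data starts on line 2 of the CSV (line 1 is the header).
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        category = row["category"].strip().lower()
        if category not in KNOWN_CATEGORIES:
            raise ValueError(f"line {line_no}: unknown category {row['category']!r}")
        rows.append({
            "hostname": row["hostname"].strip(),
            "category": category,
            "os": row["os"].strip(),
            "in_poc": row["in_poc"].strip().lower() == "yes",
        })
    return rows


def poc_scope(rows):
    """Return the figures steps 3 and 4 ask for: in-scope assets per category and per OS."""
    scoped = [r for r in rows if r["in_poc"]]
    by_category = Counter(r["category"] for r in scoped)
    # Applications have no host OS of their own, so they are left out of the OS breakdown.
    by_os = Counter(r["os"] for r in scoped if r["category"] != "application")
    return {
        "total": len(scoped),
        "by_category": dict(by_category),
        "by_os": dict(by_os),
        "excluded": [r["hostname"] for r in rows if not r["in_poc"]],
    }


if __name__ == "__main__":
    scope = poc_scope(load_inventory(SAMPLE_INVENTORY))
    print(f"Assets in POC: {scope['total']}")
    for cat, n in sorted(scope["by_category"].items()):
        print(f"  {cat:<12}{n}")
    print("By OS:", scope["by_os"])
    print("Excluded from POC:", scope["excluded"])
```

Running it on a real export (replace SAMPLE_INVENTORY with the file contents) gives the per-category and per-OS numbers to hand over in step 4; an unexpected category stops the run so the asset gets classified rather than quietly omitted.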

3. Firewall Rule Modification


1. Collaborate with your organization's network security team to identify and modify firewall
rules.
2. Open relevant ports on firewalls to allow the flow of logs from each identified log source
to the SIEM environment.
3. Ensure that firewall rules are configured securely to minimize potential security risks.

Firewall configuration (for collecting endpoint logs)

i. From the client side:

Allow outbound XXXXX/TCP and XXXXX/TCP to logs.terraeagle.com, and XXXXX/TCP to
velo.terraeagle.com.
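After the client-side rules are in place, the check below (an added example, not a Terraeagle tool) confirms from a client host that TCP connections to the collector hosts on the assigned ports actually complete, and distinguishes a firewall drop (timeout) from a reachable host with nothing listening (refused) and from a DNS problem. The port numbers are not hard-coded because the page shows them as placeholders; pass the assigned host:port pairs on the command line. The local listener helper exists only so the check can be demonstrated offline.

```python
"""Outbound connectivity check for the log-forwarding ports.

Added example, not Terraeagle's tooling. Usage on a client host:
    python egress_check.py logs.terraeagle.com:<PORT> velo.terraeagle.com:<PORT>
where <PORT> is the port Terraeagle assigned (shown as XXXXX on the page).
"""
import socket
import sys
import threading


def tcp_reachable(host, port, timeout=3.0):
    """Return (ok, detail); ok is True when a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        # No SYN-ACK within the timeout: the usual signature of a firewall drop.
        return False, "timeout (likely filtered by a firewall)"
    except ConnectionRefusedError:
        # RST received: the host is reachable but nothing listens on that port.
        return False, "refused (host reachable, nothing listening)"
    except socket.gaierror as exc:
        return False, f"dns failure: {exc}"
    except OSError as exc:
        return False, f"error: {exc}"


def check_targets(targets, timeout=3.0):
    """Check each (host, port) pair; returns {'host:port': (ok, detail)}."""
    return {f"{host}:{port}": tcp_reachable(host, port, timeout) for host, port in targets}


def parse_target(spec):
    """Parse a 'host:port' command-line argument."""
    host, _, port = spec.rpartition(":")
    if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad target {spec!r}, expected host:port")
    return host, int(port)


def start_local_listener():
    """Start a throwaway listener on 127.0.0.1 that accepts one connection (offline demo only)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:
            pass
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_local_port():
    """Return a loopback port with no listener, to show what a refused connection looks like."""
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    specs = sys.argv[1:] or [f"127.0.0.1:{start_local_listener()}",
                             f"127.0.0.1:{unused_local_port()}"]
    results = check_targets([parse_target(s) for s in specs])
    for target, (ok, detail) in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {target}: {detail}")
    sys.exit(0 if all(ok for ok, _ in results.values()) else 1)
```

A non-zero exit status means at least one target is unreachable; a "timeout" detail on the collector hosts is the case to take back to the network security team, since it points at a rule that still blocks the flow.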

4. IPSec Tunnel Establishment


1. Configure and establish IPSec tunnels between the organization's network and the SIEM
environment.
2. Implement the necessary encryption and authentication mechanisms to secure log
transmission over the tunnel.
3. Collaborate with network administrators to ensure seamless connectivity and minimal
disruption to existing network operations.

5. Log Source Installation Process


1. Firewall Installation
i. Ensure internal firewall rules are in place to allow traffic from the Load Balancer
to the Shield node on TCP port XXXX and from the Load Balancer to Graylog on
TCP port XXXX.
ii. Additional ports will need to be opened depending on the client's infrastructure.

2. Configure an Inbound Rule + Port NAT with the following parameters:

i. Source IP Address: the customer's public IP address (the edge device on the customer's
premises connected to the Internet).
ii. Destination Firewall: the firewall itself.
iii. Destination Port: the TCP port assigned to this customer.
iv. A static port NAT rule also needs to be configured, so that connections allowed by
the rule above are forwarded to the Graylog server on the same TCP port.
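The helper below is an added example, not Terraeagle's configuration, showing the inbound rule and static port NAT of step 2 with the requirements enforced in code: the source must be one specific customer IP (an any-source rule or a whole prefix is refused), the port must be valid, and the forwarded port must equal the inbound port. It renders iptables commands, which assumes a Linux-based firewall (the page does not name the vendor); the customer IP, port and Graylog address in the demo are constructed sample values, not the ones assigned to a real customer.

```python
"""Render and sanity-check the inbound allow + static port NAT rule pair.

Added example, not Terraeagle's configuration. iptables is an assumption
(vendor not stated on the page); the values in __main__ are constructed.
"""
import ipaddress


class RuleError(ValueError):
    """Raised when the requested rule violates the onboarding requirements."""


def validate_inbound_nat(source_ip, dest_port, graylog_ip, forward_port=None):
    """Check the parameters and return them normalized as (src, port, graylog)."""
    src = ipaddress.ip_network(source_ip, strict=False)
    # Requirement (i): the source is the customer's single public IP, never any-source
    # or a broad prefix.
    if src.num_addresses != 1:
        raise RuleError(f"source must be a single customer public IP, got {src}")
    addr = src.network_address
    if addr.is_loopback or addr.is_link_local or addr.is_multicast or addr.is_unspecified:
        raise RuleError(f"source {addr} cannot be a customer edge address")
    # Requirement (iii): a valid TCP port assigned to this customer.
    if not 1 <= dest_port <= 65535:
        raise RuleError(f"destination port {dest_port} out of range")
    # Requirement (iv): static port NAT, so the forwarded port equals the inbound port.
    forward_port = dest_port if forward_port is None else forward_port
    if forward_port != dest_port:
        raise RuleError("static port NAT required: forwarded port must equal inbound port")
    graylog = ipaddress.ip_address(graylog_ip)
    return str(addr), dest_port, str(graylog)


def render_iptables(source_ip, dest_port, graylog_ip, forward_port=None):
    """Return the iptables commands: DNAT to Graylog plus the matching forward allow."""
    src, port, graylog = validate_inbound_nat(source_ip, dest_port, graylog_ip, forward_port)
    return [
        # Port NAT: rewrite the destination to the Graylog server, same port.
        f"iptables -t nat -A PREROUTING -s {src}/32 -p tcp --dport {port} "
        f"-j DNAT --to-destination {graylog}:{port}",
        # Inbound allow, scoped to the customer source and the NATed destination only.
        f"iptables -A FORWARD -s {src}/32 -d {graylog} -p tcp --dport {port} "
        f"-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT",
    ]


if __name__ == "__main__":
    # Constructed sample values: a documentation-range customer IP, an example port
    # and a private Graylog address. Replace with the assigned values.
    for cmd in render_iptables("203.0.113.5", 5140, "10.20.0.15"):
        print(cmd)
    try:
        render_iptables("0.0.0.0/0", 5140, "10.20.0.15")
    except RuleError as exc:
        print("rejected:", exc)
```

The rejected case at the end is the weak configuration to watch for during step 3 of section 3: an inbound NAT that accepts from any source exposes the Graylog listener to the whole Internet, whereas the generated pair only admits the customer's edge address.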
