
Service Description

The SaaS-version of guardsix SIEM is a cloud service with a SaaS operational model that provides capabilities of guardsix SIEM+SOAR.

The service can be accessed in two ways:

  • Via Web UI on https://..guardsix.cloud/ – by the end users of the service.
  • Via guardsix Cloud Connector Appliance deployed on Customer premises.

Capabilities

The SaaS-version of guardsix SIEM provides the following capabilities:

  • Via on-premises Cloud Connector Appliance:
    • Collection of log information from a variety of log sources
    • Normalization of log information into events
    • Enrichment of collected events with information from a variety of enrichment sources, both static and dynamic
  • Via Web UI:
    • Dashboards for continuous monitoring
    • Alerts for automatic detection of threats
    • Search and Search templates for data analysis, investigation, and threat hunting
    • Reporting
    • Incident management
    • Case management
    • Automation of investigations and response

Known Limitations

  • The list and the names of the log repositories must be configured to be the same between the Cloud Connector Appliance and the Web UI.
  • Enrichment information is not shared between the on-premises instance and the Web UI, which means that:
    • Static enrichment sources (CSV, TXT) must be replicated by the user
    • GeoIP and TI enrichment sources must be configured on the Cloud Connector Appliance and the Web UI.
    • Certain enrichment sources such as IP2Host, AD or ODBC cannot be used in the Web UI.
  • guardsix SOAR Investigation and Response integrations are limited to publicly-accessible services.
  • guardsix Director is not supported by guardsix Cloud Connector Appliance or guardsix Converged SIEM service.

Compatibility

  • The SaaS-version of guardsix SIEM is compatible with the content and plugins released for guardsix SIEM 7.0.
  • guardsix Cloud Connector Plugin may only be installed on a full guardsix SIEM 7.0 installation and cannot be installed on a guardsix Collector (LPC) instance.
  • Only username-password authentication is supported in the guardsix Converged SIEM Web UI.

Supported Regions

The SaaS-version of guardsix SIEM is supported in the following geographical locations:

  • US (Oregon)
  • EU (Ireland)

As part of the guardsix SIEM service, the Customer must select a region where the guardsix SIEM service will be activated. guardsix will store and process the submitted data in the selected region according to the guardsix Data Processing Addendum.

Technical Contact

As part of the guardsix SIEM service, the customer must provide a technical contact email for communication regarding the service. guardsix will use the provided contact information for the following purposes:

  • Notifications about changes in service status such as degraded operation, incidents, or outages.
  • Notifications about changes to the service, such as changes to the capabilities, service level agreements and terms of service.
  • Notifications of Maintenance Windows.

As part of the guardsix SIEM service, the customer can use guardsix ServiceDesk for technical support, reporting incidents, and service requests.

Service Level Agreement

This Service Level Agreement defines the guardsix SIEM service policy and guardsix’s commitment to service availability.

Shared Responsibility

By using guardsix SIEM service, the Customer agrees to the Shared Responsibility model of service availability.

As part of the Shared Responsibility model, guardsix takes on the following responsibilities:

  • Ensure availability of guardsix SIEM Web UI, targeting communicated Service Level Agreement.
  • Monitor the on-premises guardsix Cloud Connector Appliance instance via guardsix Support Connection to ensure a smooth collection of log information into guardsix SIEM service.
  • Provide support to the customer regarding data collection on-premises.
  • Provide support to the customer regarding guardsix SIEM Web UI.
  • Notify the customer in case of changes to the service status, capabilities, service level agreements and terms of service.

The customer takes on the following responsibilities:

  • Provide accurate and up-to-date Technical Contact information.
  • Keep guardsix updated about significant changes in the Customer’s network architecture and Cloud Connector Appliance instances.
  • Configure log collection, normalization, and enrichment according to the agreed number of devices and/or company employees.
  • Ensure the security of all license and credential files issued by guardsix in connection with the service.
  • Ensure proper capacity and Internet connection bandwidth for the Cloud Connector Appliance instance to ensure smooth collection and transmission of the logs.
  • Ensure Support Connection is always enabled on the Cloud Connector Appliance instance for guardsix Support to provision monitoring and support services.
  • Follow the user manuals and recommendations from guardsix Support when configuring and using guardsix Converged SIEM and Cloud Connector Appliance.
  • Configure detection, monitoring, and reporting content according to best practices and recommendations from guardsix.

Definitions

  • Monthly Uptime Percentage is calculated by subtracting from 100% the percentage of minutes in the Monthly Period where the service was not in the state of Availability as described by the service.
  • Service Credit Percentage is the percentage of the service costs prorated to the Monthly Period where the SLA is applied.
  • The Monthly Period is from the 1st of a calendar month until the 1st of the following calendar month.

Commitment

guardsix commits to the following levels of service availability:

  • Web UI: 99% uptime within every month, except for Maintenance Windows and disaster events. Availability is measured as guardsix Web UI’s ability to respond to requests.

In case of services not being available according to the commitment, the customer is entitled to Service Credits as a percentage of service charges for the billing period prorated to the duration of the Monthly Period when the incident occurred:

Monthly Uptime Percentage       | Service Credit Percentage
Less than 99% but more than 95% | 10%
Less than 95%                   | 25%

Our internal Service Level Objectives are significantly higher than the communicated commitments, and guardsix works towards raising the SLA commitments.

guardsix service objectives for Service Requests and Support are governed by guardsix Support Service Level Agreement.

Example calculation

In Oct 2022, the customer experienced an outage of the guardsix UI, so the customer couldn’t log in and perform investigations for 2 hours on a particular Monday and 4 hours on the following Tuesday.

Total Time = 31 (days) * 24 (hours) * 60 (minutes) = 44640 (minutes)

Confirmed Outage Time = 720 (minutes)

Monthly Uptime (October) = (1 – 720 / 44640) * 100% = 98.39%

Eligible credit = 10% of the Monthly Price.

Service Credit

If guardsix does not meet a Monthly Uptime Commitment, the Customer has the right to claim a Service Credit. For guardsix to consider a claim, the Customer must submit the claim by emailing guardsix at saas-billing@guardsix.com and citing the applicable invoice number the Service Credit is claimed against. The Service Credit shall be deemed waived unless guardsix receives the foregoing email request claiming a Service Credit within 14 days of the end of the Applicable Monthly Period.

guardsix will inspect all information reasonably available to determine whether any Service Credit is owed. The customer must comply with the Agreement and be current on all payments at the time the reported Service Credit occurred to be eligible for a Service Credit.

If guardsix determines that a Service Credit is owed to the Customer, guardsix will apply such Service Credit to any future payment of fees occurring. Service Credits will not entitle the Customer to any refund or other payment from guardsix. The customer may not unilaterally offset its fees for any availability issues.

Exclusions from the Service Level Agreement

The service availability SLA does not apply to service issues:

  • Due to factors outside guardsix’s reasonable control, including network, Internet, or other access or availability problems beyond the demarcation point of guardsix.
  • That result from the Customer’s inability to comply with responsibilities defined in the Shared Responsibility section of this document.
  • That result from the Customer’s unauthorized access, customization of the service, fault in or absence of the Customer’s input.
  • That result from the Customer’s overburdening of the service or failure to properly configure system components, modify its use as advised by guardsix, or comply with the official documentation.
  • That result from the provision of Support, including maintenance operations (see Maintenance Windows section) and any actions arising out of Support as requested or performed by the Customer.
  • That result from any additional components outside of the guardsix services scope.
  • That appear in the service component or instance defined as “beta,” “preview,” or “non-production” by the Customer’s agreement and/or official documentation.

Maintenance Windows

guardsix will need to perform maintenance operations on the guardsix Cloud Web UI and Data Collection Endpoint.

Planned maintenance will be organized into Maintenance Windows, which will be announced via Technical Contact communication at least two weeks before the activity.

In rare cases of Unplanned Maintenance, where urgent action is needed to maintain stability and continuity of the service, guardsix will notify the Technical Contact about the time and nature of the maintenance operations to be performed and their impact on the service.

Disaster Recovery

Events that are not under the control of guardsix and impact guardsix’s ability to operate guardsix Cloud service for more than one customer are qualified as disaster events. These events may include natural disasters, technological failures, or human actions, either malicious or erroneous.

guardsix takes reasonable measures to ensure recovery in case of disasters that affect a single availability zone with the following objectives:

  • Recovery Time Objective: 24 hours
  • Recovery Point Objective: 24 hours

guardsix works continuously on its disaster recovery measures to improve the objectives and enable recovery across geographical locations.

Compliance

guardsix is committed to following best practices and obtaining certifications according to SOC2 or equivalent, GDPR and ISO 27001.