What are investigations?
Investigations are research or consultancies made by the Axur Research Team regarding threats, threat actors, and bulletins. They consume research hours hired in your plan and, being it a personalized service may take up different amounts of time, depending on the nature of the investigation.
The amount of research hours available on the Axur platform corresponds to the total of your contractual agreement. For instance, if you have purchased a 4-hour per month plan, the overall amount for a year will be 48 hours. This value will be displayed on the platform and can be utilized during the duration of your contract.
How to request an investigation?
It is possible to request investigations from tickets, threat actor profiles, bulletins, and directly on the first screen of the Deep & Dark Web area or on the Investigations page, by clicking on the Request investigation button.
The next step is to fill out the request form, in which you are asked about the type of investigation needed, whether you authorize the purchase of items, and what is expected on the report.
Visibility of the investigations
You can follow all the investigations requested from April 2023 on the Investigations page. Each investigation has:
Title;
Last updated date;
Ongoing status;
Time consumption so far;
Link to the related ticket, threat actor, or bulletin - if it has;
Download the latest report made available from our team.
Ticket, threat actor, or bulletin with investigation
When a ticket, threat actor, or bulletin has an investigation requested, you and all your team with access to the Deep & Dark Web workspace can see it.
If the investigation is requested from a ticket, it registers on the Events History, in the ticket detail. It is also automatically forwarded to the treatment tab in the Deep & Dark Web workspace and is treated as internal treatment within the lifecycle.
Follow up and report
The investigation follow-up happens via email, and the Axur Research Team will reach out to you regarding the request.
If you wish to communicate with the Axur Research Team to add information or to receive updates about your investigation, simply reply to the email received after the investigation request. It will be responded to as soon as possible. The confirmation email sent after the request has the following subject structure: Investigation Requested #ID - Investigation Title.
More than one person can get messages about the investigation. By default, the notified email is the requester's, but he/she may ask for others to be included. The report can be downloaded directly from the Investigations page.
It is also worth mentioning that the resolution time and requested information on the interaction with threat actors depends on their availability and willingness. Axur is not responsible for resolution deadlines, as it is not exclusively up to us to solve them.
SLA
Our investigations often depend on interaction with third parties, so we cannot guarantee a delivery SLA. We have set the following guidelines for aligning customer expectations:
All requests are initiated within 1 (one) working day. Cases flagged as High Priority when they are opened will start within 4 working hours.
All investigations must have their status updated every 3 working days. When there is no change in status, the customer will be notified via email about the reason.
Customers have up to 3 working days to provide answers to investigations in “Awaiting Customer” status, otherwise the investigation may be closed for lack of response.
The information obtained in investigations is delivered in the previous response via an email message and, when completed, an Intelligence Report is provided with all the details of the investigation.
If you have any questions, feel free to reach out at [email protected] 😊