In the event of a security incident, our Rapid Response Force is available 24/7. 

Monitor, detect and protect with Security Operation Center

Formind’s SOC services enable companies to monitor their information systems (using some of the most powerful SIEM, EDR and NDR solutions on the market) and detect attacks extremely quickly, while eliminating false positives.

Contact us

20 %

of companies are victims of ransomware.
*CESIN 2023 barometer

Are you sufficiently protected against cyber attacks?

Attacks are becoming more complex, and hacker networks are multiplying and becoming more organized. It is becoming increasingly difficult to detect these attacks using conventional SOC tools and operating methods.

An SOC is set up using a tiered approach based on the scope of coverage: endpoints (EDR), infrastructure equipment (SIEM), SaaS security tools (API connector), network (NDR); while limiting the number of technologies to harness their full potential.

Deploying the Formind SOC enables you to obtain initial results in less than 2 months, compared to a standard SOC which often takes 6 months. As these results are accessible via the Security Cockpit, you are informed in real time of the status of your alerts and incidents, so you can take appropriate protective action.

The Formind SOC orchestrates your security solutions and enables you to :

  • Monitor your infrastructure and reduce risks
  • Be able to detect attacks before their impacts become visible
  • Reduce risk, gain peace of mind and increase your partners’ confidence

Be able to detect attacks without waiting for their visible impact


The Formind SOC can interface with the majority of technologies on the market. We can interface our tools to yours (Azure Sentinel, Splunk, Logpoint, Elastic,…), EDR (Microsoft, Crowdstrike, Sentinel One, Harfanglab, Cybereason, Trellix, CheckPoint,…) thanks to our expertise in the various solutions on the market and the design of the Formind SOC architecture.

True positive billing

Invoicing is based on the number of security incidents handled by the SOC. This approach has several advantages :

  • Limit and reduce the number of false positives, and focus our analysts’ efforts on the events that have the greatest impact on your business.
  • Differentiate from invoicing based on volume, EPS or number of assets, which do not reflect a true security approach and are more costly.


Often, the findings of other SOC partners’ services highlight a lack of visibility on alert and incident management, and a lack of scalability to take account of changes in the customer’s organization. Formind is convinced of the need for its SOC experts to support you in your threat monitoring and detection issues, thanks to regular, operational monitoring points.

To achieve this, we have decided to set up bi-monthly steering committees and operational improvement committees (30 minutes every two weeks).

Our aim: to help your teams improve their security skills and enhance the protection of your information systems.

SOC Next Gen

The concept of SOC as Code, industrialized within our SOC, responds to several issues: the constant evolution of the threat, obtaining ROI and concrete, rapid results. To this end, SOC as code enables :

  • Rapidly deployment of standard (150) and customized rules when building your technological environment, whatever SIEM you use. This ensures complete, optimized protection for your environment.
  • Deploy and take advantage of recurring enhancements to keep up to date with the latest threats.
  • Automate certain remediation actions (e.g. workstation isolation, user awareness, etc.) to limit propagation and clear Formind analysts to work on the most complex alerts

Rapid deployment for immediate results, with complete transparency

Quick and easy integration:

Thanks to proven technological choices and developments, SOC deployment is packaged and adapts to all environments:

  • A standardized methodological approach, based on workshops: identification of attack scenarios, deployment scope, access to tools, OHC, OAT and RUN.
  • A simplified collection infrastructure based on alerts generated by security tools. This paradigm shift simplifies integration.
  • An operational SOC and the first alerts in less than 2 months!

A unified view of alerts :

You haven’t deployed an SOC yet? Formind does it for you, with the best technologies on the market and access to the associated expertise: Microsoft Sentinel as your alert orchestrator and an EDR adapted to your environment.

Do you have existing technologies? Formind concatenate on all your alerts in the Azure Sentinel orchestrator and pilots your security tools.

Our customer references

Mission description

In less than 2 months, Formind deployed an EDR, managed by Formind’s SOC teams, to reinforce the protection of all 1300 assets of the customer’s infrastructure.

The approach to setting up the service was as follows:

  • Collection of priority needs and a  risk analysis to determine critical assets and sensitive data.
  • Installation of Harfanglab agents.
  • Implementation of an alert concentrator, with 80 detection rules, including 6 specific ones.
  • Creation of procedures, RACI, architecture documents,steering comitology (monthly and weekly), tool training (included in the SOC).
  • Reduction of false positives.
  • RUN of continuous monitoring and incident management.

Mission description

Set up the supervision service for 500 assets in less than 2 months:

  • Definition of customer requirements, RACI and project comitology; integrated parallel deployment of Microsoft InTune MDM on all workstations.
  • Licensing, creation and configuration of Microsoft Defender for Endpoint for Businesses EDR tools, Defender 365 central console, Microsoft Sentinel SIEM, parsing and connection to the SOC.
  • Implementation of a wave deployment model for EDR.
  • Continuous monitoring on all workstations, TAM, management of alerts, vulnerabilities and associated monitoring.

On behalf of a major French group (120,000 people), Formind supervises a mission-critical application and manages vulnerabilities, non-compliances and security supervision of assets in production on the OCI Cloud.

The approach to setting up the service was as follows:

  • Mapping of existing systems and development of the risk matrix and contextual elements for their implementation in OCI.
  • Installation of event log collectors and concentrators. Mutualization with OCI builtin alerts.
  • Implementation of Microsoft Sentinel SIEM, parsing and connection to SOC.
  • Creation of the RACI, contact point matrix and communication methods. Integration of security operations into existing security project comitology.
  • Continuous monitoring of the Group ERP, management of alerts, vulnerabilities and related monitoring. Editor support.

In an existing SOC, the focus was on efficiency. The aim was to provide expertise to improve existing supervision. With the SIEM playing a central role, we needed to provide a technical analysis of the situation and the tool.

Mission description

  • Creation of security dashboards to help analysts investigate faster
  • Alert creation: platform monitoring (Splunk and Cloud agent collection, loadbalancing, license usage, etc.)
  • New sources added: AWS (Cloudtrail, redshift), Jira, Confluence
  • Splunk platform enhancement: configuration correction
  • Splunk MCO (support in the event of a problem, platform upgrades)

In a sensitive context, the objective was to build an legally compliant SOC and operate it in less than 2 months. The challenge was to meet the compliance requirements of the standard in preparation for a full audit.

Mission description

  • Providing help to our customers in a 100% Agile approach to achieve a minimum-value SOC.
  • Definition of MVP architecture and drafting of design and architecture documents, definition of desired dashboards
  • Elastic SIEM integration, agent deployment and configuration

Following repeated attacks against this ETI on which the FIR Formind intervened, the challenge was to be able to prevent a cyberattack rather than suffer from it.
The aim is was improve the customer’s cyber maturity and operate its SOC and EDR.

Mission description

  • Definition of a security architecture and drafting of design and architecture documents, definition of desired dashboards.
  • Azure SIEM integration, agent deployment and configuration.
  • Performing the RUN and using the MDE EDR.


A SOC project is perceived as long and costly. How does SOC Formind meet this challenge?

We can rapidly deploy our SOC using your technologies, or by deploying proven technologies that are easy to integrate. We scale the service as precisely as possible, using automation to reduce SOC costs.

How do I set up an SOC?

We recommend a gradual increase in technologies, starting with EDR, followed by infrastructure log collection, NDR and DLP.

Do I own anything in this SOC service?

Our standard SOC allows you to work in your own environment, including your O365 tenant, and with your own security tools, or those deployed by us.

Do you commit to remediation when incidents are detected?

We are committed to tracking the entire incident: from notification as an alert in our SIEM to incident closure.

Let's stay in touch

Our experts can provide you with ongoing support for your cyber issues. Do you have a question? You’ve come to the right place, and we’ll get back to you within 24 hours!

Contact us