For some of the more critical incidents that Symantec Endpoint Detection and Response creates, you can request emergency assistance from the Symantec Incident Response Team. This team provides the expertise that can help you resolve a critical incident and to minimize any effect from threat's and cyber attacks.
For critical incidents, the Engage Symantec Incident Response option appears on the Incident details page. These incidents include any of the following incident types: Targeted Attack, Targeted Email Attack, Dynamic Adversary Intelligence, or Breach Detection Service.
When you click Engage Symantec Incident Response, a form appears that you fill out and email to the Incident Response Team. The Incident Response Team reviews the request and then replies within 3 to 4 hours with a recommended action to resolve the incident.
You can also request additional help from the Incident Response Team for a fee. For more information on the Symantec Incident Response Team, click here.
You must have Admin or Controller rights to request Symantec Incident Response assistance.
To use Engage Symantec Incident Response, you must configure Symantec EDR to communicate with an SMTP-compatible mail server.