Step 2 - SOC Onboarding

TIP: Please mark Perch as a ‘preferred sender’ to ensure our communications avoid your Spam/Junk Folder and stay in your Inbox.

After your installation is complete, you will receive an email to schedule a SOC Onboarding call with a link for scheduling. If you do not see an appointment time that works for your schedule, please reach out to help@perchsecurity.com.

Prior to your onboarding date, we’ll work behind the scenes to verify that your sensor is producing good traffic. Our SOC Onboardings are intended for anyone that will be logging into the Perch App. One of our goals is to make sure all Users are comfortable getting around and know what to look for. Our Analysts use and see the same data that’s available for our Users, providing an on-the-job experience for clients who want to be involved. Perch is a ‘set and forget’ appliance, but we encourage avid participation.

Who and what to bring?

Anyone who will be using Perch. Our scheduler will allow you to invite as many Team members as you like. If you need help adding people to your event feel free to let us know and we can help. We will always provide a recording of the meeting should you like to use it for internal training. If you’d like a copy, please let us know one day prior to your scheduled SOC Onboarding.

Who will be on the call?

Customer Success team, SOC team, and you.

TIP: The SOC can be reached directly at soc@perchsecurity.com with any questions regarding your alerts, escalations, and security.


  • Introductions
  • Overview of the Perch homepage
  • Alerts - status, indicator, destination IPs
  • Note reviews - Investigating, On Hold, Escalated, Closed, By Host
  • Remediate - alert has been reviewed and nothing malicious is found
  • False/Positive - allows you to tune an Alert (suppress)
  • Indicators, Open Alerts, Suppressions, Sightings, Comments - Private (SOC only) vs Public (Perch community)
  • Perchybana - Discover - IP reputations, Event Types, Traffic searches
  • Dashboards - creating new dashboards
  • Visualizations - record types (http/dns)
  • O365 Integration
  • Next Steps – 21-Day Alert Review

Frequently Asked Questions

Q: What is a SOC Onboarding?
A general overview of the Perch App, introduction to our SOC, and introducing terms like Perchybana and open Q&A.

Q: Will I need to have a SOC Onboarding for every client I bring to Perch?
No. We only need to train those who are using the platform. If you are an MSP and manage Client networks on their behalf, we will likely only need one Onboarding. After a successful install on behalf of your client, that network will be covered in your Recurring Alert Review.

Q: I’ve noticed strange traffic on one of my sensors. How do I verify the network is safe?
Email soc@perchsecurity.com – monitored 24x7. If our analysts find anything that needs immediate attention from your end, an email will be sent to everyone listed as a primary or secondary contact in the App. In case of an emergency, the phone number provided will be contacted immediately.

Q: Who should I list as my primary contact?
We require one of your listed contacts to be a shared distribution email. This allows Perch to ensure that in case of an emergency, our emails will get delivered to your team.

Q: Can we customize visualizations on our own?
Yes. In order to do so we’ll need your requirements submitted to soc@perchsecurity.com.