The SOC can be contacted by all employees and students who access RWTH networks.

As soon as anomalies or irregularities are detected on your workstation computer, a server, a virtual machine or in relation to the accounts you use, you should contact the SOC immediately - if necessary in consultation with the officially designated contact persons.
Although the SOC takes proactive measures to protect all employees and students on the RWTH network, it relies on the vigilance of users and administrators to identify systems that cannot be detected by automated processes.
Analysis can only begin after a report has been made. If necessary, log data must be backed up before it is deleted.