The vendor is required to provide cybersecurity services including daily administration, monitoring, reporting, and support for managed security information and event management (SIEM), center, managed detection and response (MDR), vulnerability scanning, patching solutions, and overall cyber staff augmentation services.
- SIEM solutions
• Cloud-based, fully outsourced, SIEM solutions including rule writing, report generation, alert generation, and incident workflow.
• A properly sized SIEM solution to support 90 days of “hot” (searchable) log data and 275 additional days of “cold” storage, for 365 days of total retention.
• Must include ability for customer export of log data for additional cold storage requirements.
• Centralized authentication (e.g., security assertion markup language (SAML)) with multi-factor support, event collection, parsing, storage, and retention.
• Correlation rule development, maintenance, and tuning.
• Threat intelligence feed integration, ingestion, parsing and policy configurations.
• Investigation of alerts, configuration of incident workflows, notifications, and solution orchestration.
• Reporting and metrics development.
• Ability for installation of software on customer endpoints.
• Real-time monitoring and maintenance of system health and performance.
• Ability to ingest log data from nearly any security or information technology source.
• Ability to provide user and entity behavior analytics (UEBA) to identify, triage, and alert on privileged account abuse, privilege escalation, data exfiltration, anomalous behavior, and credential compromise.
• Ability to perform analytics using AI (artificial intelligence) and ML (machine learning) to identify and triage, based on regression, classification, forecasting, clustering, and anomaly detection.
- SIEM setup and operations
• Full platform management of the cloud-based SIEM solution.
• Integration of all applicable Windows and syslog-based data sources.
• Ensure ingestion of appropriate security events.
• Integration of any applicable API.
• Installation, setup, tuning, and operation.
• Security architecture workshop – initial and periodic.
- SIEM tuning and baselining
• Setup basic, pre-packaged SIEM alerts for the environment.
• Setup custom alerts applicable to the environment.
• Adjust rules and thresholds as applicable to the environment.
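As an illustration of what the correlation rule development, custom alerting, and threshold tuning items above amount to in practice, the following is an added example written for this page; it is not code from the procurement, from any bidder, or from any SIEM product. It parses a handful of constructed syslog-style authentication lines (the IP addresses are documentation ranges, the users and timestamps are invented), applies a sliding-window brute-force rule plus a follow-on "success after a burst of failures" rule, and shows how a per-source baseline informs the threshold choice: with a low threshold the user who mistyped a password twice also trips the rule, with a tuned threshold only the attacking source does.

```python
"""Threshold-based correlation rules over constructed auth logs (added example)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events; not taken from any real system.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:02Z sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:03Z sshd: Failed password for root from 203.0.113.5
2024-03-01T10:00:04Z sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:05Z sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:06Z sshd: Accepted password for admin from 203.0.113.5
2024-03-01T10:30:00Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:30:05Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T10:30:10Z sshd: Accepted password for alice from 198.51.100.7
""".splitlines()

# Parser for the one (assumed) message format used above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    outcome: str  # "Failed" or "Accepted"
    user: str
    src: str


def parse(lines):
    """Turn raw lines into Events; lines that do not match are skipped
    (a production pipeline would count those as a parsing-health metric)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append(Event(ts, m["outcome"], m["user"], m["src"]))
    return events


def _expire(queue, now, window):
    """Drop failure timestamps older than `window` relative to `now`."""
    while queue and now - queue[0] > window:
        queue.popleft()


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Two chained rules keyed on source address:
    - brute_force: `threshold` failures from one source inside `window`
      (fires once, when the threshold is first crossed);
    - possible_credential_compromise: a successful logon from a source that
      is still at or above the threshold.
    Returns (rule, src, user, ts) tuples in time order."""
    recent = defaultdict(deque)  # src -> deque of recent failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.src]
        _expire(q, ev.ts, window)
        if ev.outcome == "Failed":
            q.append(ev.ts)
            if len(q) == threshold:
                alerts.append(("brute_force", ev.src, ev.user, ev.ts))
        elif len(q) >= threshold:
            alerts.append(("possible_credential_compromise", ev.src, ev.user, ev.ts))
    return alerts


def max_failures_per_source(events, window=timedelta(minutes=5)):
    """Baselining helper: the largest number of failures any single source
    produced inside one window. Run over a known-benign period, the maximum
    (plus a margin) is a defensible starting threshold for `correlate`."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.outcome != "Failed":
            continue
        q = recent[ev.src]
        _expire(q, ev.ts, window)
        q.append(ev.ts)
        peak[ev.src] = max(peak[ev.src], len(q))
    return dict(peak)


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    print("baseline:", max_failures_per_source(evs))
    print("threshold=2:", correlate(evs, threshold=2))  # alice also fires
    print("threshold=5:", correlate(evs))               # only 203.0.113.5 fires
```

The tuning loop the procurement describes is the difference between the two `correlate` calls: the same rule logic, with the threshold moved above the baseline of ordinary user mistakes so that the alert volume handed to the analysts stays actionable.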