The vendor is required to provide a professional services offering that includes, but is not limited to:
• FortiSIEM planning and design
o Requirements gathering and gap analysis
o Architecture design and sizing
o Integration planning with existing infrastructure
• Deployment and configuration
o Installation and initial setup of FortiSIEM components
o Custom parser development for non-standard log sources
o Integration with key assets (e.g., firewalls, servers, cloud environments)
• Use case development and tuning
o Development of correlation rules and alerts tailored to the client’s environment
o Dashboard creation for real-time visibility
o Fine-tuning of event noise and false positives
• Training and knowledge transfer
o Hands-on training for SOC and IT personnel
o Documentation of custom configurations and processes
- Technical details
1. Environment assessment and design
• Asset discovery and network mapping
o Identify critical infrastructure components
o Asset classification and prioritization
• Design deliverables
o High-level and low-level architecture diagrams
o Event volume estimation (EPS, GB/day)
o Data retention requirements
o System sizing and storage planning based on Fortinet best practices
2. FortiSIEM deployment
• System hardening
o OS-level hardening of FortiSIEM nodes
o Access control via RBAC
o Integration with AD and LDAP for user authentication
3. Log source integration
• Device integration
o Firewalls
o Endpoint security
o Servers (Windows/Linux), domain controllers
o Network gear
• Custom parser development
o For unsupported or proprietary log formats
o Regular expression-based field extraction
o Field normalization and enrichment
4. Correlation and use case development
• Security use case categories
o Network intrusion detection
o Insider threat detection
o Privileged access monitoring
o Malware and ransomware activity
o Failed login brute force
o Suspicious outbound traffic
• Rules and alarms
o Custom correlation rules based on client’s risk profile
o Threshold and behavior-based alerting
o Alarm tuning to reduce false positives
5. Dashboarding and reporting
• Custom dashboards
o SOC view (real-time alerts, active incidents)
o Compliance view
o Executive summaries and trend analysis
o Open-source business intelligence (BI) tool setup for displaying reports
o The BI tool should also integrate data from BossDesk for secondary help desk analysis
• Scheduled reports
o Automated email delivery
o PDF/CSV/HTML formats
o Audit-ready templates
6. Automation and response (optional)
• SOAR integration
o Integration with FortiAnalyzer, FortiNAC, and Cisco XDR
o Playbook development for automated responses
o API-based actions (disable user, isolate endpoint)
7. Training and documentation
• Technical training
o FortiSIEM admin training (configuration, rule creation, troubleshooting)
o SOC analyst training (investigations, dashboards, reports)
• Documentation
o Deployment guides
o Parser configuration details
o Rulebooks and correlation logic
o Incident response workflows
8. Post implementation support
• Support duration: [e.g., 30/60/90 days]
• Activities:
o System health checks
o Parser and rule refinement
o Performance tuning
o Q&A sessions with client teams
- Reporting and analytics
1. Standard reporting capabilities
• Predefined compliance reports
o PCI-DSS, NIST
o Log retention, data access, and user activity reports
o Audit-ready formatting (PDF/CSV/HTML)
• Operational reports
o Log ingestion summaries by source and type
o System uptime and health status
o EPS (events per second) trends and storage utilization
• Security reports
o Top triggered alarms
o Frequent offenses and repeated offenders
o External threats (malware, scanning, intrusion attempts)
o Insider threat activity (privileged user activity, lateral movement)
2. Custom reporting
• Client-specific use cases
o Reports mapped to internal security policies or industry-specific requirements
o Alert summaries based on business units or departments
o Risk-based scoring for prioritization
• Ad hoc reports
o On-demand reporting from the FortiSIEM query builder
o Filter by device group, severity, source/destination IPs, users, time ranges
3. Visual dashboards
• Role-based dashboards
o SOC analysts: real-time incident views, asset risk scores
o Managers: weekly incident trend, SLA adherence
o Executives: KPI summaries, compliance status
• Widgets and visualizations
o Time-series charts, geo-maps, pie/bar graphs
o Custom thresholds and color-coded alerts
o Drill-down capabilities from graphs to raw logs
4. Trend analysis & behavioral insights
• User and entity behavior analytics (UEBA)
o Baseline behavioral profiling (e.g., logon times, access patterns)
o Anomaly detection with deviation scoring
o Peer group comparisons for insider threat detection
• Threat trend analysis
o Detection frequency of malware types or tactics
o Traffic patterns to malicious domains and IPs
o Attack surface evolution over time
5. Automation and scheduled delivery
• Scheduled reports
o Daily, weekly, or monthly email delivery
o Formats: PDF, CSV, HTML
o Role-based access control for distribution lists
• Automated alerts in reports
o Embedding real-time alerts in daily executive reports
o Highlighting unacknowledged or escalated incidents
6. Integration with external tools
• SIEM to BI tool exports
o Export logs and reports to Power BI or Tableau for deeper analytics
o API access for custom reporting platforms
• Third-party integration
o Email/BossDesk/Teams alerting on critical rule matches
- Contract Period/Term: 1 year
- Questions/Inquiries Deadline: April 24, 2025