The Vendor is required to provide comprehensive log management solutions, including on-premise, cloud, or hybrid solutions.
- The platform enforces least-privilege principles through role-based access controls, while maintaining high performance and availability via dedicated on-premise infrastructure.
- The "security first" implementation is core to the university mission and enables IT teams to meet university log management policy, including requirements for data integrity, searchability, retention, monitoring, and alerting.
- The Security Operations team has built SIEM-like capabilities with the existing log analysis tool, combining Splunk with external threat intel and automation tools.
- Solutions that demonstrate the following characteristics:
• Scalable Architecture: Must accommodate anticipated growth by offering robust data tiering capabilities (e.g., organizing and storing different types of data based on their usage patterns and compliance needs)
• Solution Flexibility: We welcome both unified single-vendor solutions and best-of-breed solutions that integrate seamlessly
• Administrative Consolidation: Preference for solutions that enable unified administration across log analysis, SIEM, and observability functions
• Cost-Effective Licensing: Scalability, flexibility, and predictability in pricing, accommodating cost containment for future growth
• Data Quality: High data quality through robust parsing, normalization, and enrichment capabilities
• Data Security: Emphasis on data integrity and comprehensive security features, including granular access controls (RBAC), encryption, and detailed audit logging
- Agent Functionality and Performance: characteristics of your primary data collection agent(s) or pipeline(s), including:
• Resource Footprint: CPU, memory, and disk utilization during normal operation and peak load
• Log Filtering and Pre-Processing: Capabilities for filtering, redaction, and aggregation at the source to reduce network traffic and storage
• Resilience and Reliability: Handling of network disruptions (e.g., buffering, retry mechanisms) to prevent data loss
• Security: Security mechanisms, including encryption protocols and any required system permissions
- Agent Deployment and Management: the process for deploying, configuring, and maintaining agents at scale, including:
• Deployment Methods: Supported mass deployment options for Windows, Linux, and FreeBSD (e.g., GPO, configuration management tools, vendor utilities)
• Centralized Configuration: How configurations are managed, updated, and audited centrally across the agent fleet
• Health and Monitoring: Visibility into the operational health, status, and version of all deployed agents
• Agent Diversity: If multiple agent types are required (e.g., logs, metrics, traces), describe the administrative complexity and standardization
- Data Source Onboarding: the process and time required to onboard new log source types (e.g., applications, network devices), including:
• Time-to-Value: Features that accelerate the path from raw data to indexed, normalized, and searchable data
• Template/Library Support: Available libraries of templates, parsers, and configurations for common enterprise systems
• Data-Driven Event Routing and Processing: Features that route and process events differently based on their content, including directing events through distinct processing pipelines or to multiple destinations.