USA(North Carolina)
SYS-0543

RFP Description

The Vendor is required to provide security information and event management (SIEM) modernization software, specifically the Cribl suite cloud enterprise solution, which will collect, process and analyze large volumes of telemetry data from a wide array of sources.
- Cribl will ingest log data from both on-prem and cloud sources and manage that log data, with the ability to assess and forward it to appropriate locations for either security analysis or long/short-term storage, depending on the relevant data requirements.
- Product Suite: The solution must include Cribl Stream, Edge, and Search: a data engine for IT and Security that helps analyze, collect, process, and route data at scale.
• This solution should provide management of system and event logs from a wide variety of tools as well as being able to send logs to separate locations for either storage or SIEM investigation.
• In addition, the solution should include disaster recovery, hardware appliances, maintenance and support, and training.
- Compatibility: The tool must be compatible with a wide range of platforms for log ingestion and be able to route logs to different SIEM solutions as well as separate storage solutions.
- Deployment: The solution should be available for deployment in both on-premises and cloud environments to accommodate the agency's hybrid network infrastructure.
- Centralized Management: The tool must provide centralized management of log sources across multiple tools and platforms, facilitating a unified view and control of logs/events, as well as being able to route data to different destinations for either SIEM or storage needs.
- Visibility and Control: Enhanced management of log source data streams and control over log destination; metrics and dashboards should be integrated to provide realistic visualization of utility consumption/usage.
- Log Source Configuration: Solution should offer both built-in configurations for major players in the space and the ability to customize specific log sources for relevant data streams.
- Data management: Solution should allow for data to be configured for specific data locations as well as assist with reduction of unnecessary log data and streamline SIEM functionality.
- SIEM Assistance: Solution should provide ease of transition should we elect to migrate from one SIEM solution to another.
- Scalability: The solution must support the agency's current infrastructure and be scalable to handle future expansions. This includes the ability to manage an extensive network infrastructure that spans multiple data centers and cloud environments.
- Performance: Solution should not negatively impact SIEM activities nor time to ingest logs.
- Technical Support: The vendor must provide 24/7 technical support with a guaranteed response time of no more than 6 hours for critical issues.
- Training: Comprehensive training programs for agency staff on the use and administration of the tool, including both on-site and online training options.
- Initial build/lift: Vendor should provide support options for assistance with configuration of the Cribl infrastructure and log sources.
- Data Security: The tool must include robust security features to protect data integrity and confidentiality during data transmission and storage.
- User Authentication and Authorization: Support for multi-factor authentication and role-based access control to ensure that only authorized personnel can access the tool and make changes to security policies.
- Contract Period/Term: 3 years
- Questions/Inquiries Deadline: March 20, 2025

Timeline

RFP Posted Date: Monday, 17 Mar, 2025
Proposal Meeting/Conference Date: NA
Deadline for Questions/Inquiries: Thursday, 20 Mar, 2025
Proposal Due Date: Tuesday, 01 Apr, 2025
Authority: Government
Acceptable: Only for USA Organization
Work of Performance: Onsite