The Vendor is required to provide Elastic Enterprise software and Elastic Solution Architect professional services for a new security information and event management system.
- Eligibility:
• Be an authorized reseller of Elastic software at the time of bid submission;
• Be authorized to sell Elastic Enterprise (Enterprise Advanced) subscriptions;
• Be authorized to resell Elastic Solution Architect professional services.
- Required Software Capabilities:
• Distributed search and analytics
• Hot/Warm/Cold data tiering
• Index Lifecycle Management (ILM)
• Ingestion and analysis of security telemetry
• Elastic Common Schema (ECS) support
• Threat detection using KQL, ESQL, and EQL
• Security investigations and case management
• Role-based access control (RBAC)
• TLS encryption in transit
• SAML and/or OIDC identity integration
- Professional services shall include all of the following activities:
• Design of a production-ready Elastic Security architecture
• Configuration of Hot/Warm/Cold deployment tiers
• Configuration of Index Lifecycle Management (ILM) policies
• Engineering ingestion pipelines for up to ten (10) security data sources
• Validation of ingestion throughput up to 500 GB per day
• ECS normalization and data mapping
• Configuration of TLS encryption and RBAC
• Integration with University SSO using SAML or OIDC
• Deployment and tuning of a minimum of fifty (50) detection rules
• Migration of existing security monitoring use cases
• Performance benchmarking and validation
• Knowledge transfer and documentation.