Implementation and Configuration
• Deploy a SIEM platform in accordance with industry best practices
• Integrate and ingest logs from key platforms including, but not limited to:
  • Microsoft Azure
  • Microsoft Defender
  • Active Directory
  • Google Workspace
  • Jamf
  • SolarWinds
  • GoGuardian
  • RapidID / Identity Automation
  • IoT devices, switches, and O365 services
  • Vulnerability Management
• Normalize log data and establish alert thresholds and filters
• Ingestion of logs via syslog, API, custom scripting with 180-day retention

Training and Knowledge Transfer
• Conduct initial training sessions for JCPS cybersecurity personnel
• Provide documentation and knowledge transfer materials for ongoing operations

Alerting and Reporting
• Enable customizable alerting via SMS and email
• Build and customize reports and dashboards
• Automate alert responses where feasible

Support and Maintenance
• Provide service and support via a ticketing system
• Include reasonable SLAs for issue resolution and escalation.