Specifications include, but are not limited to: selecting a Security Information and Event Management Tool. • Collect system log information from security tools, hardware, and business applications • Ability to generate regulatory and industry compliance reports • Ability to analyze security data in real time • Correlate security events and detecting potential indicators of a breach • Visually present detections and events to cyber security professionals • Machine learning ability to learn and adapt to new threat indicators automatically and without input • Ability to perform advanced threat hunting • Incident triage and advanced investigation • Alerts and notifications through SIEM • Display results/searches by IP, hostname, username or hardware • Ability to automate report generation and e-mail to specific users • MFA login capable • Ability to create health dashboard for network infrastructure, servers, and major applications, this could include items such as vulnerabilities, CPU utilization, hard drive space, etc., etc. • Ability to drill down on specific assets • Ability to deploy in the cloud
