Specifications include, but are not limited to: procurement of a Security Information and Event Management (SIEM) solution and associated professional services to assist in the effective implementation of said solution; Data Collection, Aggregation, and Normalization Must be able to support multiple campus environments, separating access, alerting, and log management Must support the ability to maintain readily accessible logs. Describe your solution’s options for default or configurable log retention. Must support the ability to automatically roll old logs to an archive which can be accessed for up to 1 year if required by an investigation. Must have the ability to normalize data within a complex environment to reduce false positives. Integrations Must have built-in capability to ingest and analyze logs from common desktop and server endpoints. Please describe the operating systems and databases supported by your solution. Must have built-in capability to ingest and analyze logs from major vendor solutions, such as email, network, firewalls, etc. Please describe your commercial partnerships. If your solution is able to ingest and analyze netflow data please describe this functionality. Must have built-in capability to ingest and analyze logs from cloud environments including Microsoft Azure, Oracle Cloud Infrastructure, and Amazon Web Services Correlation Must detect threats by correlating information among disparate log sources. Must provide ability for queries to operate against multiple log sources. Data Security Must provide controls to ensure the continued integrity of log data and prevent unauthorized modification. Must provide encryption of all communications between collection sensors and storage repository. Must provide encryption of all data within sensors/aggregators/analyzers.
