Specifications include, but are not limited to:

Vendor must provide a hosted, managed service that delivers a user behavior analytics platform (Platform). This must include storage, compute and all services required to keep the Platform operational based on requirements. It is acceptable to have event collectors on the local LAN if required, but the collector hardware must be provided as part of the service.

Platform must also function as a SIEM (security information and event management) tool, storing full event logs (i.e., not just metadata) for future searches, reports and ad-hoc queries.

Platform must include out-of-the-box analytics for user behavior analytics. Platform must baseline user behavior and alert on anomalous activity. Platform must alert on risky activity based on job role or in comparison to others in the same job role.

Platform must include out-of-the-box analytics for detection of malware, advanced persistent threats and lateral movement.

Platform must include out-of-the-box analytics for detection of unauthorized or inappropriate access of health care records in the electronic medical record system (Epic).

Search capabilities must support natural language queries and be highly responsive despite the size of the data set. Describe the “big data” format that would ensure this requirement.