SIEM (Security Information and Event Management) Support

The contractor shall perform SIEM support below activities include preparation of Task Order Management Plans, cost analyses, activity and project tracking schedules, risk registers, and risk and issue mitigation strategies for all SOC activities. This task consists of the following subtasks:

1. Log Management
1. Review of ingestion and normalization of logs
2. Ability to ingest and analyze all common log formats
3. Consulting on log storage method and pricing tier
4. Consulting on cost management recommendations for log pricing
2. Sentinel
1. Sentinel management with regularly updated baseline
2. Continuous deployment of updated rules
3. Threat Intelligence
1. Disburse threat intelligence to key employees
2. Ability to share hardening recommendations and update baseline from lessons learned across full client base
4. Staff support
1. Educational development ability to leverage Microsoft partnership and team s technical knowledge to hold workshops and training on Azure and M365 Cloud Services
5. Continuous Improvement
1. Review of Architecture to look for gaps in cybersecurity solution
2. Drive efficiencies in logging and log storage
6. Program Management Support
1. Recurring operational touchpoints
2. Quarterly Executive Management reviews
7. Automated Response
1. Utilize an expert system designed to enhance security investigations by leveraging comprehensive data analysis capabilities. It seamlessly integrates both external and internal data sources to gather, correlate, and analyze entity-related information, ensuring a holistic view of each security case. The expert system employs sophisticated algorithms to cross-reference and validate data, making precise determinations or enriching cases with substantial evidence. This process not only aids analysts in making informed decisions but also accelerates the incident response time by providing actionable insights and detailed context. By automating the investigation workflow, our expert system significantly reduces the manual effort required, allowing security teams to focus on more complex threats and strategic initiatives.
8. 24x7x365 monitoring of security events
1. Desktop Advanced End Point Detection and Response threat detection and threat response services related to an advanced end point detection and response technology such as Microsoft Defender, 365 Defender, Defender for Office, Trellix, etc.
2. Server Security Detection and Response threat detection and threat hunting services to quickly detect and investigate endpoint attacks related to Server Endpoints
3. Firewall Security Monitoring Service Monitor and Management of security and system health-related alarms. Alerting and Notification of validated attack threats on primary Firewall, Network Devices
4. AD User Monitoring - Monitoring, Logging and Reporting of active directory security user s behavior security alarms. Alerting and Notification of validated attack threats according to applicable user activity.
5. Monitoring Microsoft Sentinel instances
6. Ability to analyze syslog and CEF
7. Custom alerting capabilities based on business requirements.
9. Incident Handling support
1. Incident management support for SOC
2. Recurring operational reviews with designated SOC Lead
3. Provide recommended best business practices when responding to events