Cloud-based Network Security Monitoring System
Overview
Fit Score
Settle Intelligence
Settle helps teams find, evaluate, and respond to public RFPs. We continuously surface new opportunities, score them against your company strengths, and draft proposal responses so you can focus on the work that wins business.
SUMMARY
DESCRIPTION
An organization in New York is seeking a cloud-based network security monitoring system for a one-year contract. The required solution must integrate seamlessly with existing Corelight hardware or equivalent equipment and support both the Emerging Threats Pro Ruleset and custom Suricata rules created by various trusted security partners, including UB, MS-ISAC, and REN-ISAC.
The system must provide a Splunk application that enables log extraction in Splunk CIM formats to facilitate integration with Security Essentials, Enterprise Security, and other Splunk tools for alerts, dashboards, and reports. The Splunk app should also come with prebuilt dashboards to support comprehensive log exploration and reporting. Additionally, the system should be capable of delivering regularly scheduled FTP-based feeds of logs in Zeek format to a Linux server for use with AC-Hunter Network Threat Detection Software or similar products.
Furthermore, the solution must support HEC-based log feeds to Splunk, covering detailed records of all network connections, identification of transmitting software, and exhaustive details of LDAP, HTTP, HTTP2, SSL, and DNS traffic. Vendors with robust experience in network security monitoring and proven Splunk integration capabilities are encouraged to respond.
Source attribution
This Settle analysis is based on the issuing organization’s public RFP listing.