The customer required that their SIEM infrastructure be upgraded and modified. 15 additional security based applications and their logs needed to be implemented and integrated in the SIEM solution. This SIEM solution was implemented in order to decommission an older SIEM. The customer’s environment also needed to be PCI compliant with at least 1-year data retention with data replication in case of Disaster Recovery. A clustered environment was implemented to meet this requirement.
- In order to address the customer’s needs, ReliaQuest designed the architecture and solution required to meet all of the business requirements of this project.
- From an application standpoint, the SIEM environment was upgraded The Syslog feeds from the 15 Security based applications needed parsed and tagged to translate the pertinent data fields used for reporting and analysis.
ReliaQuest had to provide highly specialized and customized configurations to meet a unique requirement of the customer occurred due to a technical limitation in their environment where the Load Balancer could not provide the client host ip/name in the syslog header. A transform was designed and implemented that recognized patterns in the log data and associated that log to the correct host and data type. Allowing the data to be properly implemented and usable by their Security Team.
- July 21, 2016 Financial Company Network Configuration Case Study The customer had a fairly mature Network Model that they had neglected for a number of months. There were a large number of unplaced objects that had been captured by their automated configuration update system, their version was out of […]
- July 21, 2016 Internet Service Provider SIEM Upgrade Case Study The following case study was done on a client that initially had purchased their SIEM solely to satisfy PCI requirements that were assessed a few years prior. ReliaQuest performed an initial health check to determine the current state of […]