NMBU plans to procure a SIEM system that will have 3 general aims:
— ensure log data in a joint system,
— efficient and quick troubleshooting for IT personnel,
— quickly discover unwanted events.
The SIEM system shall be used by the entire IT department, with individuals having different needs and restrictions, e.g. someone in user support will use the system to quickly troubleshoot by correlating different logs, a system consultant will need notifications of hardware overload, a failure of services and trend analyses, whilst the security team have real-time monitoring, notifications of brute force attacks, etc.
The system must be simple and intuitive to use, both as regards configuring log sources, making and using a good visual dashboard and having a good and quick search functionality. The system must have visual clarity, simple modification and set-up of new reports without thorough knowledge of the SIEM product, this will have a lot of emphasis in the competition.