The Logging & Monitoring service provides a Security Information and Event Management (SIEM) platform for monitoring targeted network, system, application, and security log sources. This centralized visibility enables reporting and alerts on abnormal traffic detection in near real time. By monitoring and tracking system events, your agency will be better equipped to identify indicators of compromise and take action for incident response.
Features and Benefits:
- The Logging and Monitoring service will aggregate and report on log data events within your information technology environment
- The service is offered as a delegated administration model so customer data and system resources are separate and administered by Customer administrators
- Provides 24x7 monitoring of event activity in the SIEM through third-party managed security services, who will evaluate activity and, when necessary, notify and escalate to your team to take action
- Managed services staff members provide technical expertise in use of the platform and are on call 24x7 to resolve any system problems with the production environment
- Produce trending reports which allow for measurement of effectiveness of activities
- Actively discover misconfigured systems or devices for management or removal
Service Customers will have the ability to:
- Define their security logging and monitoring strategy and requirements
- Onboard the targeted logging sources and customize SIEM alerts and reports
- Discover and evaluate interesting and/or abnormal system events for awareness or mitigation
- Increase “eyes on glass” monitoring coverage to 24x7, 365 days a year
WaTech Logging and Monitoring Service deployment method:
- The Logging and Monitoring service is deployed with dedicated virtual appliances in the State Data Center in Olympia, WA
- The Logging and Monitoring system is logically connected in your agency’s VRF connection into the State Governmental Network (SGN)
- All results, reports, and alerts are managed and viewable by your agency designated administrators
Fees for Service:
As of July 1, 2017, the Logging and Monitoring service is included in the network allocation, which now includes the former security allocation. The percentage agencies contributed to the security allocation in fiscal year 2017 is applied to set the baseline for provisioning a Customer’s SIEM capacity. Use of the service beyond a Customer’s provisioned service level will incur additional costs:
- In the event a Customer exceeds their allocated capacity, WaTech will work with the Customer and the vendor to negotiate then-current pricing for additional licensing and/or hardware required to provide the Customer with additional capacity at the Customer’s expense
- Agencies that require longer data retention beyond the provisioned level will incur additional costs per the existing WaTech storage rates. WaTech commodity storage rates can be found here – Storage Area Network.
Each allocated Customer’s provisioned level includes:
- A minimum baseline of 500 EPS with not more than 90 days of log data retention in the primary storage and 9 months in archived storage, for a total of 12 months retention.
- Your provisioned EPS will increase beyond the minimum baseline based on your contribution into the allocation
Features not covered by the allocation, such as packet capture and training offerings, are optionally available at additional costs and can be brokered through the WaTech vendor contract for a handling fee of 5% of the new purchase price.
The first step to becoming a Logging and Monitoring Customer is to confirm that the basic requirements are met:
Basic Requirements for the Logging and Monitoring Service
✔ Connectivity to the State Government Network (SGN)
✔ Member of the Enterprise Active Directory Forest (EAD) or Access to an Agency based Active Directory service
✔ Connectivity to the MPLS Wide Area Network (Customer VRF)
✔ Contributor to the State Network Allocation
How to Order:
Contact the WaTech Support Center to schedule an overview of the service or to request the service. The WaTech Infosec team will work with you to define your requirements and develop a plan for onboarding and implementation.
Terms of Service:
Please select the link below to accept the Logging and Monitoring Terms of Service (TOS):
Logging and Monitoring (TOS)