The Logging and Monitoring service provides a security information and event management (SIEM) platform for monitoring targeted network, systems, applications and security log sources. This enables reporting and alerts on abnormal traffic detection in near real time. By monitoring and tracking system events, your agency will be better equipped to identify indicators of compromise and take action for incident response.
The Logging and Monitoring service will aggregate and report on log data events within your information technology environment.
The service is offered as a delegated administration model. Customer data and system resources are separate and administered by customer administrators.
Managed services staff members provide technical expertise in use of the platform and are on call 24/7 to resolve any system problems with the production environment.
Produce trending reports that allow for measurement of effectiveness of activities.
Service Customers will have the ability to:
- Define their security logging and monitoring strategy and requirements.
- Onboard the targeted logging sources and customize SIEM alerts and reports.
- Discover and evaluate interesting and/or abnormal system events for awareness or mitigation.
WaTech Logging and Monitoring Service deployment method:
The Logging and Monitoring service uses dedicated virtual appliances located in the State Data Center in Olympia, Washington.
The Logging and Monitoring system is logically connected through your agency’s virtual routing and forwarding (VRF) connection into the State Governmental Network (SGN).
All results, reports and alerts are managed and viewable by your agency-designated administrators.
The Logging and Monitoring service is included in the network allocation, which now includes the former security allocation. The percentage agencies contribute to the allocation is applied to set the baseline for provisioning a customer’s SIEM capacity. If a customer exceeds their allocated capacity, WaTech will work with the customer and the vendor to negotiate customer costs for additional licensing and/or hardware required for additional capacity.
A minimum baseline of 500 events per second (EPS) with not more than 90 days of log data retention in the primary storage.
Your provisioned EPS will increase beyond the minimum baseline based on your contribution into the allocation.
Features not covered by the allocation, such as packet capture and training offerings, are optionally available at additional cost and can be brokered through the WaTech vendor contract for a handling fee of 5% of the new purchase price.
How to Order:
The first step to becoming a Logging and Monitoring customer is to confirm that the basic requirements are met:
Basic requirements for the Logging and Monitoring service
- Connectivity to the State Government Network (SGN).
- Member of the Enterprise Active Directory (EAD) or access to an agency-based Active Directory service.
- Connectivity to the multiprotocol label switching (MPLS) wide area network (customer VRF).
- Contributor to the State Network Allocation.
Terms of Service (TOS)
Please select the link below to accept the Logging and Monitoring Terms of Service (TOS) to start the deployment discussions:
WaTech Support Center