Container-Based SIEM Solution for DoD Customer
Providing 24x7x365 monitoring and incident response has become increasingly complex as attack surfaces have evolved. As a result, one DoD customer needed to quickly modernize its SIEM solution to keep pace with the volume and variety of data from disparate sources and give its Security Operations Center real-time visibility to detect and respond to threats across the network.
How We Helped
Deployed Elastic Cloud Enterprise (ECE) to ingest data from more than 6,000 endpoints and integrated logs from SolarWinds, Proofpoint, Trellix ESS, Cisco Firepower, and F5 BIG-IP firewalls.
Leveraged Docker containers to provide a consistent, isolated environment and ensure stable configurations.
Engineered an on-premises S3-compatible object storage solution to meet long-term retention and site replication requirements.
Built custom Logstash parsers to extract additional event data and created custom Elasticsearch dashboards that turned scattered data into useful information for the SOC.