Need help putting together a SIEM requirements doc.



All, I'm a sysadmin who has somehow ended up in a cybersecurity role. I've worked in security for years (mainly AV and incident response) but have never been on a team that had access to our SIEM.

I now find myself working for a midsize company with zero security infrastructure. I'm in the process of drafting basic security policies and am working with our network guy to set up some Palo Alto firewalls.

However, I also feel that getting a SIEM in place would be a good move so we can begin to do actual threat monitoring and analysis, because I can't start closing our holes until we know where they are. Yes, I have management support; yes, I have a decent budget.

To that end, I need to put together a SIEM requirements document so that I can start setting up demos and choosing a vendor.

Below is what I've got so far; however, it is admittedly pretty basic. I'm hoping the good people here can help me flesh this out.

Requirements:

- Collecting log information from our existing and future security platforms, hardware, and business applications
- Generating regulatory and industry compliance reports
- Aggregate security data from throughout the environment
- Analyze security data in real-time
- Correlating security events and detecting potential indicators of a breach
- Access to reliable threat intelligence feeds (3rd party)
- Highly configurable security alert system
- Ability to integrate with other IR tools to allow for automated security responses
- Consider SaaS-based
- Ability to not just ingest data but present it in an actionable manner
- Robust dashboards and customizable reporting are essential
- Ability to easily perform manual analysis and create things such as event timelines
- User friendly interface for rule set creation
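Several of the requirements above (correlating events, matching against a threat intel feed, building an event timeline for manual analysis) are easier to evaluate in a vendor demo once you have a concrete rule in mind. The following is an added example, not part of the original post and not any vendor's code: a toy version of the classic "many failed logins then a success from the same source" correlation rule, run over constructed OpenSSH-style auth lines. The log format, the threshold and window, and the "threat intel" entry are all assumptions chosen for the example; addresses come from the documentation ranges.

```python
"""Toy SIEM-style correlation rule: brute force followed by a successful login.

Everything here is constructed for illustration: the log lines, the threshold,
the time window and the threat intel entry are assumptions, not real indicators.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in OpenSSH auth-log style (assumed format).
SAMPLE_LOGS = """\
2024-03-01T09:00:01Z sshd[1201]: Failed password for admin from 203.0.113.7 port 51012 ssh2
2024-03-01T09:00:03Z sshd[1201]: Failed password for admin from 203.0.113.7 port 51013 ssh2
2024-03-01T09:00:05Z sshd[1201]: Failed password for admin from 203.0.113.7 port 51014 ssh2
2024-03-01T09:00:08Z sshd[1201]: Failed password for root from 203.0.113.7 port 51015 ssh2
2024-03-01T09:00:11Z sshd[1201]: Failed password for admin from 203.0.113.7 port 51016 ssh2
2024-03-01T09:00:40Z sshd[1202]: Accepted password for admin from 203.0.113.7 port 51020 ssh2
2024-03-01T09:05:00Z sshd[1203]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T09:05:30Z sshd[1204]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T10:00:00Z sshd[1205]: Accepted publickey for bob from 192.0.2.9 port 33000 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>\S+) port"
)

FAIL_THRESHOLD = 5            # assumed tuning value
WINDOW = timedelta(minutes=10)  # assumed tuning value

# Constructed threat intel feed (documentation-range address, not a real indicator).
THREAT_INTEL = {"203.0.113.7": "constructed-feed: known scanner"}


def parse_events(text):
    """Normalise raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # a real pipeline would count these as parse failures
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW, intel=THREAT_INTEL):
    """Emit one alert per source whose failures reach the threshold inside the window.

    Severity: medium for the burst alone, high if a success follows within the
    window, critical if the source also appears in the threat intel feed.
    """
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "Failed"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            success = next(
                (e for e in evs
                 if e["outcome"] == "Accepted"
                 and first["ts"] <= e["ts"] <= first["ts"] + window),
                None,
            )
            severity = "high" if success else "medium"
            if src in intel:
                severity = "critical"
            alerts.append({
                "src": src,
                "first": first["ts"],
                "failures": len(burst),
                "users_tried": sorted({e["user"] for e in burst}),
                "success_user": success["user"] if success else None,
                "intel": intel.get(src),
                "severity": severity,
            })
            break  # one alert per source; later bursts would be deduplicated
    return alerts


def timeline(events, src):
    """Per-source event timeline, the kind of view an analyst builds by hand."""
    return [f"{e['ts'].isoformat()} {e['outcome']} {e['user']}"
            for e in sorted(events, key=lambda e: e["ts"]) if e["src"] == src]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for alert in correlate(evs):
        print(alert)
        print("\n".join(timeline(evs, alert["src"])))
```

When comparing vendors, the questions this small rule raises are the ones worth putting in the requirements doc: how the product normalises each log source into fields like `src` and `outcome`, how a rule expresses a time window and a threshold without custom code, how a threat intel match changes severity, and whether an analyst can pivot from the alert to the per-source timeline in one click.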
