Through work on the DRS Data Safe Haven, ISG Research Services (RSS) developed a Security Information and Event Monitoring tool using an industry-standard data analytics tool (Splunk). Although this is a very complex and powerful tool, the RSS team has been able to extend the Splunk inputs to a subset of RSS services (e.g. DataStore).

The use of Splunk with DataStore has already proved extremely valuable in identifying security vulnerabilities and confirming architectural configurations.

The current proposal is to maintain the Splunk licence to continue to provide threat insight to our research services.

In due course it would be valuable to extend this into a monitoring service that can manage the SIEM outputs and point to appropriate actions.

Current project status

Report Date: November 2021
RAG: BLUE
Budget: 0.0 days
Effort Completed: 0.0 days
Effort to complete: 0.0

Project Info

Project: SIEM monitoring
Code: RSS407
Programme: ITI - Research Services (RSS)
Management Office: ISG PMO
Project Manager: Aaron Turner
Project Sponsor: David Fergusson
Current Stage: Close
Status: Closed
Project Classification: Run
Start Date: 30-Aug-2021
Planning Date: 13-Sep-2021
Delivery Date: 29-Nov-2021
Close Date: 06-Dec-2021
Overall Priority: Highest
Category: Discretionary
