Through work on the DRS Data Safe Haven, ISG Research Services (RSS) developed a Security Information and Event Monitoring tool using an industry-standard data analytics tool (Splunk). Although Splunk is a very complex and powerful tool, the RSS team has been able to extend the Splunk inputs to a subset of RSS services (e.g. DataStore).
The use of Splunk with DataStore has already proved extremely valuable in identifying security vulnerabilities and confirming architectural configurations.
The current proposal is to maintain the Splunk licence to continue to provide threat insight to our research services.
In due course it would be valuable to extend this with a monitoring service that can manage the SIEM outputs and point to appropriate actions.
Current project status
| Report Date | RAG | Budget | Effort Completed | Effort to complete |
|---|---|---|---|---|
| November 2021 | BLUE | 0.0 days | 0.0 days | 0.0 |