Functional requirements

The following requirements should be fulfilled:

- Fully featured log management system
- Receive logs in ANY log format
- Convert log formats to support SIEM requirements
- Filter unwanted logs
- Protect pipelines from flooding
- Should fully integrate with QRadar and other SIEMs

The following functionality should be available:

- Buffering (in case of congestion, network outage or component failures)
- Filtering (should be possible anywhere in the pipeline)
- Logs should be searchable in a database-like data lake
- Logs should be stored to cold storage
- Encryption of data in transit AND data at rest should be supported
- High availability: the system should be able to fully recover from any type of intermittent failure
- Redundancy: components should be replaceable without service degradation
- The solution should be platform-independent (OS/hardware agnostic)
- Components must be supported on the latest OS/patch levels
- Components should be in active development/support
- The platform should support log transformation to meet QRadar log standards
- Each part of the data pipeline should be auditable/monitorable
- Multi-tenancy
- Proven technology