Knowledge of the implementation and monitoring of the IBM QRadar SIEM tool
Monitoring of security logs, events and incidents to identify and raise alerts for any suspicious activity that may lead to a security breach.
Develop, update and maintain log baselines for all platforms in the infrastructure that are integrated with the SIEM
Detection of internal and external threats/attacks on infrastructure, servers, applications and databases; identification of network behavior anomalies
Creation of the appropriate rules and configuration to detect at least the following indicative list of events from the integrated devices (but not limited to): DDoS, brute-force attacks, cross-site scripting, SQL injection, vulnerability scans, port scans, traffic pattern analysis, bandwidth utilization analysis, host behavior and traffic analysis to identify threats, virus outbreaks
Monitor, detect and manage incidents for network behavior anomalies for at least the following minimum set (but not limited to): granular monitoring of DB queries, objects and stored procedures
Correlation of logs from multiple sources to detect multi-vector attacks
Manage any faults in the SIEM solution by troubleshooting and coordinating with the OEM/principal
Manage the log storage, including online, offline and archival systems for the logs.
Support implementation of the SIEM solution with the following activities: review of architecture, program management of the implementation, skill acquisition on the tool. The vendor should support such activities at any time they are required during the contract period
Development of dashboard/reporting templates
Provide training and best-practice updates for the onsite team from its backend resources