SIEM Accelerator: Basic, Standard, and Advanced
Basic
Overview:
Deploy a foundational Elastic SIEM solution including configuration of data ingestion, dashboard setup, and detection rule implementation.
Scope:
- Conduct discovery, finalize up to two out-of-the-box integration data sources, define high-level data fields/use cases, and design a basic RBAC structure for up to two customer roles.
- Provision Elastic Cloud deployment, configure Fleet Server, set up SIEM and RBAC in Kibana, and finalize detection rule and dashboard design.
- Install Elastic Agent(s), configure and validate integrations for the first two data sources, tune and validate detection rules, and build/refine one overview security dashboard using live data and customer feedback.
- Conduct a knowledge transfer workshop, provide documentation, transfer engagement assets to the customer, and complete project wrap-up and sign-off.
Engagement times:*
- Typically, a project commences between six and eight weeks after services are purchased and lasts between one and five weeks.
- The project will be delivered by an Elastic Consultant (or a certified partner resource with Elastic oversight).
Engagement structure:
- All engagements will be conducted over contiguous weeks.
- Breaks in the engagement may result in reassignment of the Elastic Consultant and require additional lead time prior to resuming. They can also impact the level-of-effort (LOE) and/or cost.
- Changes or additions to scope may impact LOE and/or cost; changes will require a mutually executed Order Form (change order).
Customer responsibilities:
- Provide all necessary resources, access, and personnel in a timely manner.
- Provide all requested prerequisite information and documentation prior to the project kick-off call.
- Confirm all onboarding and access requirements prior to purchasing services.
- Determine clear and concise requirements prior to engagement kick-off.
Total consulting days: 10
Standard
Overview:
Deploy a foundational Elastic SIEM solution including configuration of data ingestion, dashboard setup, and detection rule implementation.
Scope:
- Conduct discovery, finalize up to five out-of-the-box integration data sources, define high-level data fields/use cases, and design a basic RBAC structure for up to two customer roles.
- Provision Elastic Cloud deployment, configure Fleet Server, set up SIEM and RBAC in Kibana, and finalize detection rule and dashboard design.
- Install Elastic Agent(s), configure and validate integrations for the five selected data sources, tune and validate detection rules, and build/refine two overview security dashboards using live data and customer feedback.
- Conduct a knowledge transfer workshop, provide documentation, and transfer engagement assets.
Engagement times:*
- Typically, a project commences between six and eight weeks after services are purchased and lasts between one and five weeks.
- The project will be delivered by an Elastic Consultant (or a certified partner resource with Elastic oversight).
Engagement structure:
- All engagements will be conducted over contiguous weeks.
- Breaks in the engagement may result in reassignment of the Elastic Consultant and require additional lead time prior to resuming. They can also impact the LOE and/or cost.
- Changes or additions to scope may impact LOE and/or cost; changes will require a mutually executed Order Form (change order).
Customer responsibilities:
- Provide all necessary resources, access, and personnel in a timely manner.
- Provide all requested prerequisite information and documentation prior to the project kick-off call.
- Confirm all onboarding and access requirements prior to purchasing services.
- Determine clear and concise requirements prior to engagement kick-off.
Total consulting days: 15
Advanced
Overview:
Deploy a foundational Elastic SIEM solution including configuration of data ingestion, dashboard setup, and detection rule implementation.
Scope:
- Conduct discovery, finalize up to five in-scope integration data sources, define high-level data fields/use cases, design a basic RBAC structure for up to two customer roles, architect the self-managed Elasticsearch deployment, and plan for cluster security and data ingestion.
- Provision and validate infrastructure, configure operating systems, generate and distribute TLS certificates, install and bootstrap Elasticsearch and Kibana, deploy Fleet Server, and configure SIEM and RBAC.
- Install Elastic Agent(s), configure and validate integrations for the five selected data sources, tune and validate detection rules, and build/refine two overview security dashboards using live data and customer feedback.
- Conduct a knowledge transfer workshop, provide documentation, transfer engagement assets to the customer, and complete project wrap-up and sign-off.
Engagement times:*
- Typically, a project commences between six and eight weeks after services are purchased and lasts between one and five weeks.
- The project will be delivered by an Elastic Consultant (or a certified partner resource with Elastic oversight).
Engagement structure:
- All engagements will be conducted over contiguous weeks.
- Breaks in the engagement may result in reassignment of the Elastic Consultant and require additional lead time prior to resuming. They can also impact the LOE and/or cost.
- Changes or additions to scope may impact LOE and/or cost; changes will require a mutually executed Order Form (change order).
Customer responsibilities:
- Provide all necessary resources, access, and personnel in a timely manner.
- Provide all requested prerequisite information and documentation prior to the project kick-off call.
- Confirm all onboarding and access requirements prior to purchasing services.
- Determine clear and concise requirements prior to engagement kick-off.
Total consulting days: 25
*Customer acknowledges that the Engagement Times are not guaranteed delivery dates but estimated timelines and are subject to change as the parties further define business requirements. The Services are dependent on the Customer’s fulfillment of its designated responsibilities, which include providing all necessary resources, access, and personnel in a timely manner. Any delays or changes to the Scope may result in additional costs. Elastic’s obligation is limited to performing the tasks as described in the 'Scope' section for the purchased Service. These Services do not guarantee specific business outcomes. Any work requested outside of the defined scope requires a mutually executed Order Form.