Services for the Implementation of Microsoft Sentinel
Tender ID: 591069
Tender Details
Tender Description
This Tender is invited by the Issuer.
This Request for Proposal (RFP) is issued by the Administrative Review Tribunal (ART) to solicit proposals from experienced professional services organisations for the implementation of a SIEM system. The chosen replacement product is Microsoft Sentinel, which shall integrate with ART’s ICT services to provide a detective and response capability for cyber security incidents.
The ART is seeking a capable partner to provide a comprehensive design and implementation of the base SIEM platform and log integration and alert customisation for an MVP.
The primary objectives of this RFP are to:
- Replace the ART’s existing SIEM features and functions with equivalents in Microsoft Sentinel
- Have a solution which is IRAP assessable and meets the requirements of the ACSC ISM and PSPF
- Create a single unified pane of glass for the Security Operations (SecOps) team to monitor
- Migrate existing SIEM alert logic into Microsoft Sentinel
- Ensure the SIEM architecture minimises ongoing operational costs whilst providing a strong SOC posture
- Preference OOTB connections over customer connectors and parsers
- Provide comprehensive training and documentation to the SecOps team on:
  - Maintenance activities required for optimal and consistent system performance
  - Procedures to create new alerts
  - Guides in writing parsers for Sentinel in native Microsoft languages
  - Guides on converting clickops dashboards and alerts to code for storage in Azure DevOps repositories
Please note this is a re-published RFP and the ART has prepared and updated its requirements document specifically around the objectives as listed above, in addition to providing a list of user stories to assist in preparing your proposals. It is recommended you review the new document carefully to identify the additional requirements.