Closed

AWM0001538 Security Incident and Event Monitoring Implementation

Tender ID: 602938


Tender Details

Organisation:
Tender #: PCS-03320
Status: Closed
Publish Date: 18 December 2025
Closing Date: 22 January 2026
Closing Time: 11:59 PM (Australia/ACT)

Tender Description

This Tender is invited by the Issuer.

The proposed approach to this procurement will allow vendors to provide costs for the implementation and ongoing maintenance of a SIEM using either Microsoft Sentinel or Splunk (respondents selecting Splunk as their service offering must have the solution hosted in either Azure or Amazon’s Australian sovereign cloud offerings), including:

1. Storage and management of the long-term retention of logging data to reduce ongoing operational costs and meet the requirements of the ISM;

2. Integration of Memorial endpoints into the SIEM for collection, including:

  • End User Compute (EUC) devices such as desktops and laptops,
  • Server and storage infrastructure,
  • Cloud services,
  • Networking equipment including Wireless Access Points (WAP), switches, routers, firewalls and proxies;

3. Integration with the ACSC CTIS service including testing;

4. Development of SOAR runbooks for common services including integration with the HaloITSM tool for incident tracking and management; and

5. Transition to production including design documentation and Standard Operating Procedures (SOPs).

Estimated start date: Tuesday, 10 February 2026

Initial contract duration: 6 months

Extension term: Not applicable

Location of work: ACT

Working arrangements: Onsite