Specifications include, but are not limited to: The County of Los Angeles, Internal Services Department (County) is seeking a vendoragnostic IT and Security data/log streaming SaaS solution agnostic of any log analytics or Security Information and Event Management (SIEM) technology. This solution must provide a controlled abstraction layer for managing log streams and observability pipelines connecting multiple sources with multiple destinations, including archiving, while optimizing the data to reduce licensing and infrastructure costs. It must provide native integration for streaming data/log with flexibility into major log analytic solutions, object storage, and SIEM solutions. The solution must include the following capabilities: A. The solution must support on-premises, cloud-hosted, SaaS, and hybrid deployments. B. Must be highly available (24x7x365) with a minimum of 99.9% uptime. C. The solution must include a license for ingestion of at least 2TB of data per day. D. Ability to support the following data sources: JSON, SNMP, Syslog, SplunkTCP, Office 365, Kafka, Azure, AWS, GCP, TCP/UDP, Palo Alto, Cisco, Windows, Linux, IPS/IDS sensors, webproxy, web application firewalls, application logs, anti-virus, API services and custom scripts. E. Able to support the following data destinations: Splunk, CrowdStrike Falcon LogScale, Elasticsearch, Syslog, Webhook, TCP JSON, Amazon S3, Google Cloud Storage, Azure Blob Storage, File Systems/NFS, Azure Log Analytics Workspace, Sumo Logic and Google Chronicle and Azure Sentinel. F. Support queuing to hold copies of original data until receipt is confirmed by all destinations. G. Enable transformation of data formats to/from XML, JSON, Key-Value, CSV, TSV, CEF format. H. Able to route single data stream to multiple destinations, including several SIEMs, Data Lake, and Managed Security Service Provider (MSSP) at the department levels. I. Ability to enrich data with the addition of contextual metadata such as GeolP, DNS information, Threat Indicators information at the time of ingestion. J. Ability to parse the data/log using an automated interface and prebuilt rules, which does not require programming for routing, shaping, event breaking/parsing, and lookups.
