Describe the Issue
While we initially stood up a SIEM using OpenSearch, we needed to scale down usage due to costs for our team.
SecOps has a desire to re-instate this capability, and it is very likely they will help cover the cost.
We will stand up the SecOps lab environment to closely mirror what we have in our ASEA and prep for rollout to Forge.
Additional Context
Add any other context, attachments or screenshots
Acceptance Criteria
[x] Review existing scaled down setup in ASEA
[x] Stand up toolset in SecOps lab (SecOps will be doing this work)
[ ] Set some initial consumption/alert rulesets (starting small)