
MOCERT Advance Security Log Analytics Service

Figure 1. High Level Architecture

1. Objective

- Collaborate with Macau organizations to promote the importance and advantages of continuous log monitoring and analysis.
- Provide a continuous log monitoring solution and an advanced log analytics service to strengthen enterprises' IT security against various threats and attacks.

2. Scope

A. System Involved
- Intelligent Security Information and Event Management System (iSIEMS)
- Security Incident Response System (SIRS)

B. Architectural Design
- Hardware resource sizing (server and storage).
- Converged log processing mechanism (collection, normalization, searching and reporting).
- Distributed log processing nodes to ensure the data integrity and service availability.

Figure 2. Distributed Log Processing Nodes

C. One-off Professional Implementation
- Hardware installation and configuration (for iSIEMS and SIRS)
- iSIEMS system implementation
  √ Deploy the ELK stack
  √ Configure Elastic Beats
  √ Create the monitoring dashboard (12 dashboards)
  √ Operating system hardening
  √ iSIEMS administration and monitoring training (1 day)
- SIRS system implementation
  √ Incident response system setup and configuration
  √ Security incident runbook
  √ Security incident response training based on runbook templates (1 day)

D. Annual Support and Professional Service
- System support of iSIEMS and SIRS
- MOCERT Cyber Threat Intelligence (CTI) feed service
- Advanced security analytics with powerful visual dashboards
- Performance and alert fine-tuning service
- Security engineering and new enhancement (limited service tickets)
  √ Security engineering, configuration and advisory on the relevant security facilities for each emerging threat identified
  √ Creation of new monitoring dashboards

3. Pricing

The pricing of this advanced security log analytics service consists of the following components:
- The hardware of iSIEMS and SIRS
- The software license of iSIEMS and SIRS
- The subscription of Elasticsearch
- One-off professional implementation
- Annual support and professional service

A. The Hardware of iSIEMS and SIRS
MOCERT can provide professional hardware sizing based on the estimated daily log volume of the client's infrastructure. Procurement of the requested hardware is assumed to be handled by each organization or client. Alternatively, a client may adopt this service on existing infrastructure.

B. The Software License of iSIEMS and SIRS
The iSIEMS and SIRS software is currently free to use.

C. The Subscription of Elasticsearch
The list price of an Elasticsearch subscription through Elastic's sales channel is USD 11,000 per node (price queried in April 2019). The total number of Elasticsearch nodes depends on the required daily log volume.

Reference URL:

D. One-off Professional Implementation
The price needs to be discussed further according to the client's detailed requirements.

E. Annual Support and Professional Service
The price needs to be discussed further according to the client's detailed requirements. A limited number of service tickets is included for further development of security engineering and new enhancement items.
