
Sr Lead - Customer Security Operations

Tata Communications

Posted On Jun 11, 2024
Hyderabad, India
Job Description


Indicative roles and responsibilities of onsite NG SIEM resources are given below. However, HPCL reserves the right to use onsite NG SIEM resources as per the project requirements, criticality etc. from time to time.

1.   NG SIEM (SIEM+SOAR+UEBA) tool overall administration, management, backup and archival, troubleshooting

2.   Upgrade, update, patching, backup and archival of the NG SIEM solution

3.   Monitor the NG SIEM console and dashboards, and provide response and support to the remote SOC team for incidents.

4.   Support the day-to-day operation of the deployed NG SIEM (SIEM+SOAR+UEBA)

5.   Perform initial analysis for known issues and provide the appropriate recommendations for closure.

6.   Monitor and report on the health of system components and take necessary action in case of any observed issue.

7.   Integration of NG SIEM with IS infrastructure (existing and future), including but not limited to IPS, WAF, Patch Management, Firewall, Anti-APT solution, Antivirus, EDR, AD, ERP, DLP, VMT, Exchange, SharePoint, Network Devices, Web Services, Custom applications etc., and also on respective version upgrades. Continuous

8.   Develop appropriate use cases, playbooks, models, reports and alerts, and develop custom parsers and connectors for integrating logs wherever necessary or required. L3 should have a good command of Regex, parser and playbook creation. No separate charges will be provided for parser or playbook creation.

9.   Integration of the SIEM, SOAR and UEBA tool with security and non-security solutions based on requirement and architecture, and develop or modify appropriate use cases, rules, playbooks, models, reports and alerts - Continuous

10.   Should provide real time situational awareness to the HPCL stakeholders.

11.   Use and apply learnings from incidents and provide recommendations for standardizing the NG SIEM (SIEM+SOAR+UEBA) solution.

12.   Reduction of false positives by fine-tuning existing correlation rules, configuration, playbooks and models

13.   Automation with continuous improvements, Reduction in MTTR, MTTD

14.   Develop and implement processes for interfacing with Operational teams and other supporting teams.

15.   Ensure the NG SIEM (SIEM+SOAR+UEBA) integration is intact among the HPCL SOC solutions, other assets

16.   Design, create and customize the dashboards and reports as per the HPCL requirements. Customize and fine-tune SIEM, SOAR and UEBA dashboards.

17.   Ensure the necessary HPCL SOC documents like operating procedures, configuration management, Low Level Design etc. are up to date with the changes made in their respective areas.

18.   Automating Day to Day Tasks related with NG SIEM Operations but not limited to

19.   The above is an illustrative list of general activities. All technology-specific activities related to NG SIEM are to be carried out.

20.   Use and apply learnings from incidents and provide recommendations for standardizing the NG SIEM solution.

21.   Support onboarding and maintenance of a wide variety of data sources, including various OS, appliance, and application logs. Create custom parsers, queries, custom dashboards, and visualizations

22.   Create and manage NG SIEM knowledge objects to include apps, dashboards, saved and scheduled searches and alerts

23.   Support access requests and modifications and permissions

24.   Support troubleshooting and remediation of issues as they arise with data ingestion and NG SIEM infrastructure

25.   Create and update all SOPs and support fulfilling audit requirements.

26.   Monitor and report on cyber threats and suggest any changes needed to protect the organization in SIEM, leading end-to-end implementation of the suggested changes.

27.   Provide notification and communication with Incident management and respective application team upon threat detection.

28.   Perform analysis on the reported incidents, determine the root cause, and recommend the appropriate solution.

29.   Should have a very good understanding of MITRE ATT&CK and NIST framework.

30.   Work on improvement of the overall posture of the NG SIEM deployment to achieve best return on investment. Coordinate with the Analyst team for fine-tuning and improving NG SIEM overall utilization and usage, and enriching the security posture of HPCL
