Network Security Monitoring Cloud-based System

The University at Buffalo intends to procure a Networking Security Monitoring Cloud-based system pursuant to its discretionary purchasing authority under State Finance Law §163(6) and NYS Education Law §355 (5)(a). This procurement opportunity is limited to New York State businesses certified pursuant to Article 15-A of the New York State Executive Law. Interested parties should contact Nina Anders for more details about this opportunity.

The University at Buffalo (“University”) is seeking the below services:

• Software would need to work with existing Corelight hardware or equivalent
• Software would need to work with Emerging Threats Pro Ruleset and custom Suricata rules created by UB, MS-ISAC, REN-ISAC, and other trusted security partners or equivalent
• Software would need to provide HEC based log feed to Splunk of the following specific types of traffic:
• Details of all network connections
• Details of all HTTP traffic
• Details of all HTTP2 traffic
• Details of all SSL traffic
• Details of all DNS traffic
• Details of all encrypted DNS traffic
• Details of all file traffic as MD5, SHA1, and SHA256 hashes
• Details of all FTP traffic
• Details of all NTP traffic
• Details of all LDAP traffic
• Details of all LDAP search strings seen in LDAP traffic
• Details of all Syslog traffic
• Details of all tunneled traffic
• Details of all VPN traffic
• Details of all WireGuard traffic
• Details of all SNMP traffic
• Details of all x509 certificates seen in traffic
• Details of all SMTP traffic
• Details of all URLs seen in SMTP traffic
• Details of all SSH traffic seen
• Identification of software transmitting network traffic
• Identification of traffic matching REN-ISAC and MS-ISAC provided threat feeds
• Log of traffic matching Suricata threat signatures
• Should be able to provide regularly scheduled FTP based feed of logs in Zeek format to a Linux server for use with AC-Hunter Network Threat Detection Software or similar software.
• Software should provide Splunk app that provides for log extraction in Splunk CIM formats for use with other Splunk software such as Security Essentials, Enterprise Security, and custom written alerts, dashboards, and reports. Splunk app should also include prebuilt dashboards allowing the exploration and reporting on the software’s logs.