Sentinel SIEM and Security Operations Centre

West Yorkshire Combined Authority would like to procure an external party to implement Microsoft's Sentinel System Incident Event Monitoring (SIEM) tool into its Azure environment. The Combined Authority require security events, that are captured and correlated by the SIEM solution, to be monitored 24/7 using an externally hosted Security Operations Centre (SOC). The Combined Authority will leverage the security alerts provided by the SOC: • To understand where the Combined Authority needs to focus its resources to maximise its cybersecurity posture. • To detect and respond to threats, keeping the information held on systems and networks secure. • To increase resilience by learning about the changing threat landscape (both malicious and non-malicious, internal and external). • To identify and address negligent or criminal behaviours. • To derive business intelligence about user's behaviours to shape and prioritise the development of technologies.