Section | Type | Requirement

Platform | Mandatory
1) Log management system capability
2) Support for an extended set of log sources
3) Customization of parsers/connectors
4) Method for retrieving events/flows/logs
5) Specification of the method for retrieving events/flows/logs
6) Hierarchical and modular/scalable architecture
7) Time-zone management
8) Platform computing capacity
9) Platform storage capacity
10) Installation model
11) High availability and caching options
12) Availability of both default and customizable correlation rules
13) Dashboard features: ability to prioritize response and analysis
14) Customizable reports and compliance reports
15) Alerting capabilities
16) Technical documentation and online help
17) Ability to monitor the platform itself
18) Secure software
19) Context enrichment based on collected logs
20) Support for real-time and deferred log collection

Platform | Nice to have
1) Multi-tenant capabilities (views)
2) Anonymization of logs
3) Support for mapping correlation rules to the MITRE ATT&CK matrix

Operations | Mandatory
1) Role-based access control
2) Accounting: logging of actions performed by operators
3) Web interface for day-to-day operation

Operations | Nice to have
1) Customizable time zone for the GUI

Integration | Mandatory
1) Active Directory integration for administrative management

Integration | Nice to have
1) Integration with asset management tools
2) Tracking of case management and trouble-ticketing activities
3) Trouble-ticketing module
4) Integration with vulnerability management tools

Advanced features | Nice to have
1) Support for threat intelligence analysis tools
2) Support for forensic analysis activities
3) Analytics support
4) Automatic response capabilities

Licensing and support | Mandatory
1) Specification of the preferred license type
2) Licensing restrictions
3) Specification of the project roadmap
4) Delayed license activation
5) Technical assistance, support and professional services
6) Training provided
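Several of the Platform requirements above (custom parsers, time-zone management, correlation rules, context enrichment, the anonymization and MITRE ATT&CK nice-to-haves) are only meaningful if they can be verified against a candidate product. The following is an added acceptance-test sketch, not part of the requirements document and not any vendor's code, showing the kind of harness an evaluator can run: two constructed log sources in different time zones feed source-specific parsers, timestamps are normalized to UTC, events are enriched from a constructed asset inventory, PII is pseudonymized with a keyed HMAC, and a threshold correlation rule tagged with ATT&CK T1110 (Brute Force) must still fire across both sources. The sample lines, asset table, per-source time zones, HMAC key and assumed log year are all constructed for this example.

```python
"""Acceptance-test sketch for SIEM requirements: custom parsers, time-zone
normalization, enrichment, anonymization and cross-source correlation.
All inputs below are constructed for the example."""
import hashlib
import hmac
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: a firewall logging ISO-8601 with an explicit +02:00
# offset, and a VPN host logging classic syslog local time (UTC-5) with no
# offset and no year. Both see the same attacker, 10.1.2.3.
SAMPLE_LINES = [
    ("fw-eu", "2024-03-10T10:00:05+02:00 action=deny src=10.1.2.3 user=alice"),
    ("fw-eu", "2024-03-10T10:00:20+02:00 action=deny src=10.1.2.3 user=alice"),
    ("vpn-us", "Mar 10 03:00:30 vpn-us sshd: Failed password for alice from 10.1.2.3"),
    ("vpn-us", "Mar 10 03:00:40 vpn-us sshd: Accepted password for bob from 10.9.9.9"),
]
SOURCE_TZ = {"fw-eu": timezone(timedelta(hours=2)),   # assumed per-source config
             "vpn-us": timezone(timedelta(hours=-5))}
ASSUMED_YEAR = 2024                                     # syslog lines carry no year
ASSETS = {"10.1.2.3": {"owner": "contractor-lan", "criticality": "low"},
          "10.9.9.9": {"owner": "it-admins", "criticality": "high"}}
PSEUDONYM_KEY = b"constructed-demo-key"  # assumed; production keys come from a KMS/HSM

PARSERS = {}

def parser(source):
    """Register a source-specific parser (requirement 3: customizable parsers)."""
    def wrap(fn):
        PARSERS[source] = fn
        return fn
    return wrap

def to_utc(ts, source):
    """Requirement 7: attach the source's zone only if the stamp has none, then
    convert everything to UTC so events from different zones order correctly."""
    dt = datetime.fromisoformat(ts) if isinstance(ts, str) else ts
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=SOURCE_TZ[source])
    return dt.astimezone(timezone.utc)

@parser("fw-eu")
def parse_kv(source, line):
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": to_utc(ts, source), "src": fields["src"], "user": fields["user"],
            "outcome": "failure" if fields["action"] == "deny" else "success"}

SYSLOG_RE = re.compile(r"^(\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd: "
                       r"(Failed|Accepted) password for (\S+) from (\S+)")

@parser("vpn-us")
def parse_sshd(source, line):
    m = SYSLOG_RE.match(line)
    naive = datetime.strptime(m.group(1), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {"ts": to_utc(naive, source), "src": m.group(4), "user": m.group(3),
            "outcome": "failure" if m.group(2) == "Failed" else "success"}

def enrich(event):
    """Requirement 19: look the real source IP up in the asset inventory."""
    return {**event, "asset": ASSETS.get(event["src"], {"owner": "unknown", "criticality": "unknown"})}

def pseudonymize(value, key=PSEUDONYM_KEY):
    """Keyed, deterministic pseudonym: same input gives the same token, so
    correlation still works, but the token cannot be reversed without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def anonymize(event):
    """Nice-to-have 2: replace PII fields with pseudonyms."""
    return {**event, "user": pseudonymize(event["user"]), "src": pseudonymize(event["src"])}

def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Requirement 12 plus ATT&CK tagging: N authentication failures from one
    source within the window, regardless of which log source reported them."""
    alerts, by_src = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        q = by_src[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            alerts.append({"rule": "brute-force", "src": ev["src"], "count": len(q),
                           "last_seen": ev["ts"], "technique": "T1110",
                           "tactic": "TA0006 Credential Access"})
            q.clear()
    return alerts

def run_pipeline(lines=SAMPLE_LINES, anonymize_pii=True):
    """Parse -> normalize -> enrich -> (optionally) anonymize -> correlate."""
    events = [enrich(PARSERS[src](src, line)) for src, line in lines]
    if anonymize_pii:
        events = [anonymize(e) for e in events]
    return events, correlate(events)

if __name__ == "__main__":
    evs, alerts = run_pipeline()
    for a in alerts:
        print(a)
```

Enrichment runs before anonymization on purpose: the asset lookup needs the real address, while the pseudonym is what reaches analysts and long-term storage. The time-zone step is what makes the rule fire at all: naive comparison of "10:00" and "03:00" would never place the three failures in one window, which is exactly the failure a real evaluation of requirement 7 should try to provoke.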