SIEM Setup (Security Information & Event Management)
Deploy and configure a SIEM (Wazuh + OpenSearch or Elastic SIEM) to correlate security events, detect breach indicators, and enable 72-hour Article 33 breach notification compliance.
Deploy Wazuh or Elastic SIEM, ingest security events from infrastructure (Linux syslog, CloudTrail, Kubernetes audit logs, application logs), configure correlation rules for GDPR-relevant threats, and set up PagerDuty alerting. Achieves Article 33 72-hour detection capability. Fixed price €2,700–4,500.
Why this service exists
Article 33(1) requires notifying the supervisory authority within 72 hours of becoming 'aware' of a breach. The key is 'aware' — you are legally expected to have systems that detect breaches quickly. A SIEM is the standard technical measure that enables this awareness.
What you get
- SIEM deployed (Wazuh + OpenSearch recommended)
- Log ingestion from: Linux servers, CloudTrail, K8s audit logs, application events
- GDPR-relevant detection rules configured (brute force, data exfiltration, unusual bulk downloads)
- PII access anomaly detection rules
- PagerDuty / email alerting for critical events
- Incident response workflow documentation
- Security operations runbook
How we deliver
- Day 0: You request quote → reply in 4 business hours
- Day 1–2: Discovery call & scope clarification
- Day 3–5: Contract signed, kickoff scheduled
- Day 5–7: Implementation begins
- Day N: Final deliverables + walkthrough call
- +30 days: Free post-delivery support
Tools & technologies
Prerequisites
- Log sources accessible (SSH or agent-based)
- Infrastructure inventory
- PagerDuty or similar alerting system (or we set up email alerts)
Pricing
Within scope:
- Up to 20 log sources
- Standard GDPR correlation rules
- AWS or GCP environment
Outside scope (additional quote required):
- More than 20 log sources (additional quote)
- Custom ML-based detection (covered in UBA service)
- 24/7 SOC monitoring (covered in managed operations retainer)
Final price confirmed in proposal within 4 hours of your request.
Realistic timeline — what to expect
- T+0h: Submit request
- T+4h: Initial proposal (business hours)
- T+1–3d: Discovery call
- T+2–3d: Final invoice
- T+3–5d: Contract signed
- T+4–6d: Payment received
- T+5–7d: Service kickoff
- T+5–7d+N: Service complete
Frequently asked questions
Wazuh vs. Elastic SIEM — which should I choose?
Does a SIEM guarantee we'll detect breaches in 72 hours?
Related services
PII Access Logging Implementation
Implement comprehensive audit logging of every access to personal data: who accessed what, when, from which IP, for what purpose — immutable, tamper-evident log storage.
Automated Breach Detection Pipeline
Build an automated pipeline that monitors for data exfiltration, unauthorized access, and anomalous PII activity — triggering immediate alerts when breach indicators are detected.
User Behavior Analytics (UBA) for Insider Threat Detection
Deploy machine learning-based user behavior analytics to detect insider threats, compromised accounts, and anomalous PII access patterns that rule-based SIEM misses.
