Large IBM QRadar deployment and SOC build-out. Deployed 160+ QRadar appliances across multiple countries. The QRadar components deployed were:
QRadar Console, QRIF, QVM, AppNodes, Flow Collectors (Cu & Fi), Log Collectors and Processors
IBM Resilient (SOAR).
At the end we had over 9,000 log sources from enterprise infrastructure such as servers, routers, switches, firewalls, mainframes, McAfee ePO, SWIFT systems and many others. In addition, we were rolling out logging from endpoints as well. The daily influx of logs was over 2 billion events, distilling down to around 100 offenses (after tuning).
Ensured that sufficient engineering resources with QRadar experience were available not only to deploy, maintain and update the appliances but also to create and tune use cases.