VM-CASINO-SIEM01 — SIEM / Security Operations
Overview

| Field | Value |
|---|---|
| VM Name | VM-CASINO-SIEM01 |
| Role | SIEM — Splunk Enterprise Indexer / Search Head |
| Environment | Production |
| Location | Casino Floor Data Center — Rack C1 |
| vCenter | vcenter.casino.local |
| Cluster | SEC-CLUSTER-01 |
| Host | esxi-host-05.casino.local |
| VM UUID | 422d6e8f-8b2e-11ec-f6f9-000c29a1b3d6 |
| Hardware Version | VMware Hardware v19 |

Hardware Configuration

| Component | Specification |
|---|---|
| vCPUs | 16 |
| CPU Sockets | 2 |
| Cores per Socket | 8 |
| RAM | 64 GB |
| Memory Reservation | 32 GB |
| CPU Reservation | 6000 MHz |

Storage

| Datastore | Disk | Size | Type | Format |
|---|---|---|---|---|
| SEC-SAN-DS01 | Hard Disk 1 (OS) | 120 GB | VMDK | Thin Provisioned |
| SEC-SAN-DS01 | Hard Disk 2 (Hot Index) | 2 TB | VMDK | Thick Eager Zeroed |
| SEC-SAN-DS02 | Hard Disk 3 (Warm Index) | 5 TB | VMDK | Thick Eager Zeroed |
| SEC-SAN-DS03 | Hard Disk 4 (Cold Archive) | 10 TB | VMDK | Thin Provisioned |

Networking

| Adapter | Type | Port Group | VLAN | MAC Address | IP Address |
|---|---|---|---|---|---|
| NIC 1 | VMXNET3 | PG-SEC-700 | 700 | 00:50:56:a1:06:01 | 10.10.700.60 |
| NIC 2 | VMXNET3 | PG-MGMT-100 | 100 | 00:50:56:a1:06:02 | 10.10.100.60 |

Guest OS

| Field | Value |
|---|---|
| OS | Red Hat Enterprise Linux 9.3 |
| Kernel | 5.14.0-362.el9.x86_64 |
| VMware Tools | open-vm-tools 12.3.0 |
| Computer Name | casino-siem01.casino.local |
| Domain | casino.local (SSSD) |
| Time Zone | UTC |

Application Stack

| Field | Value |
|---|---|
| Application | Splunk Enterprise 9.2 |
| License | 100 GB/day ingest |
| Role | Indexer + Search Head (combined) |
| Daily Ingest | ~45 GB/day |
| Retention (Hot) | 30 days |
| Retention (Warm) | 90 days |
| Retention (Archive) | 7 years (regulatory) |

Log Sources

| Source | Method | Volume |
|---|---|---|
| Windows Event Logs (all DCs/servers) | Splunk UF | ~8 GB/day |
| Firewall / Palo Alto | Syslog | ~12 GB/day |
| Slot floor controllers | Syslog | ~10 GB/day |
| Surveillance DVRs | Syslog | ~6 GB/day |
| vCenter / ESXi | API pull | ~4 GB/day |
| Physical access control | Syslog | ~5 GB/day |

Backup & Recovery

| Field | Value |
|---|---|
| Backup Tool | Veeam Backup & Replication 12 |
| Backup Schedule | Daily 03:00 AM |
| Retention | 14 days |
| RTO Target | 4 hours |
| RPO Target | 24 hours |

Notes

- Gaming commission requires 7-year log retention — do not purge archive index
- Security team has read-only access; SOC analysts access via Splunk Web only
- Alert forwarding configured to PagerDuty for P1/P2 security events
- Patching: Coordinate with Security team — never patch without SOC notification
- Contact: Security Operations Team