Case Study

Cloud Migration and SOC Transformation for a Global Technology Provider

About the Customer

The customer is a global technology provider supporting high-volume online retail and logistics operations. Known for developing advanced automation, artificial intelligence, and cloud-based fulfilment platforms, they deliver the software and infrastructure behind some of the most sophisticated e-commerce and supply chain ecosystems in the world. Their innovations power both their own digital retail services and those of major international partners.


Customer Challenges and Requirements

The customer was undergoing a wider cloud transformation and identified that their existing on-premises Security Information and Event Management (SIEM) solution was no longer effective. The environment had become increasingly difficult to maintain, and inconsistently developed use cases were generating excessive noise in the Security Operations Centre (SOC), reducing analyst capacity and slowing response times.

Several key Splunk apps were failing compatibility checks for Splunk Cloud, and many of their detection rules were misconfigured or poorly tuned. The organisation saw the migration to Splunk Cloud as an opportunity to modernise its security operations, simplify infrastructure management, and align with leading frameworks such as MITRE ATT&CK.

To successfully make this shift, they required a partner who could work alongside their internal security team in a hybrid model, offering deep technical expertise and ongoing support. This included a full audit and rationalisation of existing use cases, targeted threat hunting tailored to the technology sector, and 24/7 SOC coverage with continued Splunk support, content development, and detection optimisation.

Adarma’s Solution

Adarma began by performing a full health check of the customer’s Splunk environment, identifying redundant or poorly configured rules. We reduced the 100 existing security alerts to 34, re-engineering 15 into high-quality detections and migrating 19 to run in parallel until the full handover to Adarma’s SOC was complete.

Adarma’s team helped reconfigure and optimise their infrastructure to route data to Splunk Cloud, avoiding the need to rebuild on-prem systems. We addressed incompatibilities in existing Splunk apps and indexes by packaging and remediating them in partnership with the customer’s engineering team.


To further enhance detection, Adarma delivered monthly threat hunting packs with hypotheses tailored to the technology sector. We analysed hundreds of intelligence sources per month, automatically pushing indicators of compromise into the SIEM hourly.

We also provided managed support for their CrowdStrike instance to enrich investigations and ensure better incident context.

Outcomes Delivered

  • Successful migration to Splunk Cloud within the planned 12-week onboarding window
  • Improved detection performance and reduced alert fatigue across SOC teams
  • Enhanced threat visibility with tailored, sector-specific threat hunting
  • Significant operational efficiency from the rationalisation of use cases
  • Stronger alignment with MITRE ATT&CK and modern detection standards
  • Trusted partnership model integrating Adarma’s team with the customer’s internal function

Services Delivered

  • Splunk Cloud migration and reconfiguration
  • Managed SOC service
  • Managed Threat Intelligence
  • Splunk support and maintenance
  • Threat hunting and tailored detection engineering
  • Integration with existing CrowdStrike tooling

Why Adarma

The customer selected Adarma based on our deep technical expertise in Splunk and proven track record in complex cloud migration projects. Adarma had previously worked with the customer, enabling us to quickly understand their environment and begin delivering value from day one.

We now act as their Managed Security Service Provider, delivering full 24/7 SOC support, threat intelligence, and engineering services.

“Adarma’s experience and expertise with Splunk solutions and cloud migration, combined with their pragmatic approach to problem-solving and commitment to service excellence, made them the right partner for us. Their transparency, technical knowledge, and track record gave us confidence throughout the engagement. As a result, we’ve improved resource management and now benefit from a more efficient, up-to-date security environment.”

– Information Security Operations Manager, Global Technology Provider
