Post-Migration TODOs

Create transform module in monad_chla/transforms/

Document message IDs / syslog codes in module

Add pipeline config in pipelines/<source>/

Add tests in tests/test_<source>_transforms.py

Add sample logs in tests/fixtures/

Update CI/CD workflow options

Document in SDK Integration page

Finalize deployment model decision (SaaS vs on-prem) — blocked on CISO

Obtain Monad production license

Document Monad SOC 2 / HIPAA certification status

Create implementation roadmap (PoC → Pilot → Production → Decommission)

Set up production Monad environment

Configure Sentinel workspace and data collection rules

Validate OCSF normalization with actual production logs

Performance test under production volume

Document rollback procedures (Monad bypass → direct QRadar)

Cost comparison: current QRadar spend vs projected Sentinel + Monad

Train SOC team on pipeline-as-code approach

Document Monad administration procedures

Create runbook for adding new log sources

Create runbook for pipeline troubleshooting

Hand off CI/CD pipeline to InfoSec team

Define QRadar retention period (parallel operation)

Archive QRadar historical data per compliance requirements

Decommission plan with rollback window

Final cutover validation checklist