Microsoft Sentinel SOC service: 12 month implementation

The e2e Sentinel SOC Service leverages Microsoft Sentinel as their cloud based SIEM, utilising the Azure Log Analytics workspace to consolidate all security data. The service element then adds in round the clock monitoring and remediation assistance. There are four main components of the service: the 24/7 SOC service itself, management of the Sentinel instance and optimisation of Sentinel and it's component parts and finally the use of the e2e Teams application.

The SOC service includes 24/7 eyes on monitoring by a highly experienced team of security cleared analysts, remediation advice and assistance, incident management, threat hunting, deployment of custom threat indicators, optional access to a full SOC operations platform including ticketing, all fully backed by SLAs.

Sentinel management includes managing updates, SOAR and playbook/analytics tune up. Optimisation includes log ingestion/storage/retention reviews, alert fatigue reduction and service component audits.

The e2e Teams app enables interaction between incidents and tickets across a Teams channel and directly with a member of the authorised team. It also includes dashboarding and looks to leverage the secure Microsoft infrastructure to make engagement with the SOC simpler, more timely and more effective.