Microsoft Sentinel Deployment

BlazeClan Technologies Pvt. Ltd

Blazeclan offers seamless Microsoft Sentinel deployment, integration, configuration and optimization in the customer's environment.

Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) solution. It is designed to provide intelligent security analytics and threat intelligence across an organization's entire environment. Blazeclan's certified security engineers design, implement, configure and optimize Microsoft Sentinel in the customer's environment. The team will build out security use cases and enable alerts for the SOC team to monitor and investigate, depending on the types of integrations done with the Azure services and security tools.

Agenda

  1. Azure Portal Setup - Create a new instance or workspace to collect and analyse all the security data.
  2. Data Collection - Integrate data sources like Azure services, 3rd party security solutions like firewalls, IDS/IPS and many more.
  3. Data Ingestion - Use connectors, APIs or agents to ingest and forward security data to Microsoft Sentinel.
  4. Data Parsing and Normalization - Process and normalize the incoming data to make it consistent and easily searchable.
  5. Creating Custom Connectors - To gather data from sources not covered by the default connectors.
  6. Detection Rules and Playbooks - Configure detection rules that trigger alerts when specific patterns or anomalies are detected. Playbooks provide automated workflows to handle responses to the alerts.
  7. Analytics - Write custom queries using KQL for data analysis.
  8. Threat Intelligence Integration - Integrate TI feeds to enhance the detection capabilities.
  9. Incident Management - Microsoft Sentinel helps investigate, respond and manage incidents via automated or manual response.
  10. Visualization and Reporting - Use built-in or custom dashboards to visualize security data and insights.
  11. Integration with Azure Services and SOAR platforms - Integrate with Active Directory and SOAR platforms to enable end-to-end incident response automation.

Week 1

Assessment, Discovery, and Design. Introduction and understanding of the scope of services, accounting for the current infrastructure and Azure subscription. Presentation of a ready-for-implementation Microsoft Sentinel design.

Week 2

Portal Setup, Data Collection and Data Ingestion. Create a new instance or workspace to collect and analyse all the security data. Integrate data sources like Azure services, 3rd party security solutions like firewalls, IDS/IPS and many more. Use connectors, APIs, or agents to ingest and forward security data to Microsoft Sentinel.

Week 3

Data Parsing, Normalization, Detection Rules, and Analytics. Process and normalize the incoming data to make it consistent and easily searchable. Configure detection rules that trigger alerts when specific patterns or anomalies are detected. Playbooks provide automated workflows to handle responses to the alerts. Write custom queries using KQL for data analysis.

Week 4

Integration with Threat Intelligence and SOAR platforms. Integrate TI feeds to enhance the detection capabilities. Integrate with Active Directory and SOAR platforms to enable end-to-end incident response automation.

Deliverables

  1. Azure Setup - Provisioning Resources, Configuration Settings, Access Credentials, Security Measures, Connectivity, and Compliance and Governance
  2. Data Collection - Data Sources Configuration, Log Collection Rules and Log Integration and Mapping
  3. Data Ingestion - Data Source Discovery, Data Collection Strategy, Connector Configuration and Data Mapping and Transformation
  4. Data Parsing and Normalization - Field Extraction Rules, Regular Expressions or Parsing Logic and Field Mapping and Renaming
  5. Creating Custom Connectors - Connector Design Documentation, Connector Architecture and Data Source Configuration
  6. Detection Rules and Playbooks - Rule Description and Context, Detection Logic or Query, Logic and Criteria definition, Use Case Mapping and Playbook Design and Workflow
  7. Analytics - Detection Logic and Query and False Positive Mitigation
  8. Threat Intelligence Integration - TI Source Selection, Data Source Configuration, Integration Logic and Threat Data Visibility
  9. Incident Management - IM Strategy, Incident Classification Criteria, Incident Investigation Guidelines, Escalation and Response Procedures, Post-Incident Analysis and Incident Closure and Documentation
  10. Visualization and Reporting - Dashboard Layout and Composition, Drill-Down Capabilities, Real-Time and Historical Data, Automation of Reporting and Compliance-based Reporting, which includes SOC 2 / ISO 27001 / PCI DSS
  11. Integration with Azure Services and SOAR platforms - SOAR tool selection, Data Integration Plan, Incident Workflow Definition and Automated Response Logic