Sentinel Accelerator: Implementation


A two-month Microsoft Sentinel deployment and implementation service that includes Level 2 SOC Cover and tuning and optimisation.

CyberOne's Microsoft Sentinel Accelerator exists to help Microsoft Azure clients get the most out of their Azure deployment. Many Azure clients are already leveraging the Microsoft security suite within Azure, including Sentinel, Microsoft’s game-changing SIEM. They are now looking to achieve maximum security capability, value from their investment and optimal efficiency within their team, ensuring that the game-changing capabilities of the solution are fully leveraged from the outset.

While the basic Microsoft Sentinel features can be understood quite quickly, it can take 6 months to deploy to an acceptable level and years to deploy like a pro. Microsoft Sentinel Accelerator was created to fast-track this deployment, helping you filter out the noise from the outset so the alerts don’t overwhelm, and tuning the system so valid attacks are flagged and dealt with immediately. With Accelerator we help you transition from your previous SIEM and aggregate your entire estate across all clouds and 3rd party products.

Effectively supporting our customers to deploy Microsoft Azure and Microsoft Sentinel into their business is what we do each day – and we have the awards and customer recommendations to prove it. Our solution will help you maximize the benefits of Microsoft Azure and show you how the enhanced telemetry and automation of Microsoft Sentinel can protect your business. With the enhanced capabilities of +XDR we can help you deploy Microsoft Azure services to enhance your security and your ability to stay on the front foot against attacks.

Our 3-day deployment includes:
• Scoping session to understand your business requirements and infrastructure
• Integration with your Microsoft estate, 3rd party solutions and across multiple clouds
• Set-up of all log sources for optimal fidelity, visibility and value
• Configuration of threat intelligence sources and hunting capability
• Set-up of alert rules and playbooks
• Link to your MISP environment

Our 2-month delivery includes:
• Dedicated level 1 support and level 2 escalation
• Weekly 2-hour reviews and a final service review
• Reporting and Analytics of Response Performance and Log Ingestion
• A 24x7x365 MDR and SOC option with triage and ticket resolution
• Implementation of MDR use cases
• Continual tuning and refinement of log sources
• Continual categorisation and prioritisation of alerts
• Optimisation of data enrichment tools
• Configuration of watchlists
• Development of custom automation workflows
• Development of bespoke and dynamic playbooks
• Easy transition to a full managed service should you wish to continue with CyberOne after the Accelerator period