Azure Sentinel: 3 day implementation

Sulava Oy

Planning and implementing Azure Sentinel, the cloud-native Security Information and Event Management (SIEM) system

HOW:

Preparation call

  • Define full scope & align expectations
  • Schedule the work & plan attendees
  • Technical prerequisites check

Workshop day 1:

  • Planning the role of Azure Sentinel in customer’s current security architecture & pricing review
  • Provisioning Azure Sentinel in customer’s Azure environment
  • Connecting available Microsoft cloud log sources
  • Defining log retention policy
  • Defining admin access to logs

Workshop day 2:

  • Configuring sample alerts in Sentinel Analytics
  • Walkthrough of utilizing detect / investigate / respond functionality
  • Creating a plan for connecting additional sources (on-premises servers, firewalls, 3rd party services etc.) and improving detection & response capability

DELIVERABLES:

  • Sentinel workspace provisioned
  • Long-term storage for Microsoft cloud log sources
  • Understanding of Sentinel's basic operations
  • Capability for detecting & investigating anomalies
  • Plan & roadmap for integrating other log sources and improving detection & response capabilities