Microsoft Sentinel Design & Deployment Accelerator

The Partner Masters

Accelerate your design, deployment and configuration of Microsoft Sentinel using a templatized best practices approach from Microsoft cyber security experts

What is Microsoft Sentinel?

Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) solution that provides security analytics and threat detection across an organization's digital estate. Organizations use it to collect security log data at scale into a Log Analytics workspace, detect and respond to threats, and reduce false positives with the help of Microsoft's analytics and threat intelligence. It integrates with the other Microsoft security products, giving a unified security operations platform that combines extended detection and response (XDR) with SIEM for a more complete defense.

Our Approach:

Our goal is to simplify and streamline the deployment of Microsoft Sentinel so you can get up and running as soon as possible. Our consulting service is customized to your needs and typically takes up to one month to deploy Microsoft Sentinel.

Plan and Prepare

  • Understand how you intend to use Microsoft Sentinel, decide on a single-tenant or multi-tenant architecture, and define the compliance requirements for data collection and storage.
  • Determine which data sources you need and the expected data volume, so you can accurately project your deployment's budget and timeline.
  • Use Azure role-based access control (RBAC) to create and assign roles within your security operations team, granting each person the least access to Microsoft Sentinel and its data that their job requires.
  • Plan the Azure budget, considering the cost implications of each planned scenario.

Deploy

  • Enable Microsoft Sentinel to run on the Log Analytics workspace your organization planned as part of your workspace design.
  • Enable health and audit logging (the SentinelHealth and SentinelAudit tables) at this stage of your deployment, so you can confirm that the service's many moving parts keep functioning as intended and that the service is not being changed by unauthorized actions.
  • Enable the relevant solutions and content for the data sources identified in planning to start ingesting data into Microsoft Sentinel.
  • Set up and configure near-real-time (NRT) analytic rules, anomaly detection rules, and scheduled analytic rules for alerting.
  • Set up and configure automation rules based on triggers and conditions.
  • Import starter automation playbooks to get you started with automating actions and orchestrating threat response.
  • Import starter workbooks to get you started with rich visual reporting and data analysis within Sentinel.
  • Set up watchlists to correlate data from a data source you provide with the events in your Microsoft Sentinel environment.
  • Set up User and Entity Behavior Analytics (UEBA) to surface anomalous activity and help determine whether an asset has been compromised.
  • Set up threat hunting and import starter hunting queries to get you started.
  • (Optional) Set up and configure threat intelligence ingestion from third-party threat intelligence sources.
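The Deploy steps above can be scripted. The following PowerShell is an added example and is not part of the listing or of The Partner Masters' deliverables; it uses the Az.OperationalInsights, Az.Monitor and Az.SecurityInsights modules to enable Sentinel on the workspace, switch on health and audit logging, create one scheduled and one NRT analytic rule, and list the result. The resource group and workspace names, the rule queries, thresholds and the choice to enable every diagnostic log category are assumptions to adapt; the two queries assume the Microsoft Entra ID connector is already ingesting SigninLogs and AuditLogs.

```powershell
#Requires -Modules Az.Accounts, Az.OperationalInsights, Az.Monitor, Az.SecurityInsights
# Added example (not the listing's own code): scripts the Deploy steps with the Az modules.
param(
    [string]$ResourceGroupName = 'rg-secops',         # placeholder, assumed
    [string]$WorkspaceName     = 'law-sentinel-prod'  # placeholder, assumed
)
$ErrorActionPreference = 'Stop'
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }

# 1. Enable Sentinel on the Log Analytics workspace chosen during workspace design.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $WorkspaceName
New-AzSentinelOnboardingState -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
    -Name 'default' | Out-Null

# 2. Health and audit: send the workspace's diagnostic log categories back into the same
#    workspace so the SentinelHealth and SentinelAudit tables are populated. Enabling every
#    'Logs' category is the simple, assumed choice; inspect the category list and narrow
#    the filter to what you actually want before running this in production.
$logs = Get-AzDiagnosticSettingCategory -ResourceId $ws.ResourceId |
    Where-Object { $_.CategoryType -eq 'Logs' } |
    ForEach-Object { New-AzDiagnosticSettingLogSettingsObject -Category $_.Name -Enabled $true }
New-AzDiagnosticSetting -Name 'sentinel-health-audit' -ResourceId $ws.ResourceId `
    -WorkspaceId $ws.ResourceId -Log $logs | Out-Null

# 3. Scheduled analytic rule: a burst of failed Entra ID sign-ins from one IP within an hour.
#    The 20-failure threshold is an assumption to tune against real traffic (see Optimize).
$failedSignins = @'
SigninLogs
| where ResultType != 0
| summarize Failures = count(), Users = dcount(UserPrincipalName) by IPAddress
| where Failures >= 20
'@
New-AzSentinelAlertRule -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
    -Kind Scheduled -Enabled -DisplayName 'Example: burst of failed sign-ins from one IP' `
    -Description 'Added example rule; tune the threshold after reviewing real traffic.' `
    -Severity Medium -Query $failedSignins `
    -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) `
    -TriggerOperator GreaterThan -TriggerThreshold 0 | Out-Null

# 4. NRT rule: runs against events as they arrive, so it has no lookback window or
#    trigger threshold; every matching row is an alert.
$roleAdded = @'
AuditLogs
| where OperationName == "Add member to role" and Result == "success"
'@
New-AzSentinelAlertRule -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
    -Kind NRT -Enabled -DisplayName 'Example: directory role membership added' `
    -Severity High -Query $roleAdded | Out-Null

# 5. Verify what is now enabled in the workspace.
Get-AzSentinelAlertRule -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName |
    Select-Object DisplayName, Kind, Enabled, Severity
```

Run it once per workspace from an account holding the Microsoft Sentinel Contributor role on the workspace's resource group (plus Monitoring Contributor for the diagnostic setting); rerunning creates duplicate rules unless you pass a fixed -RuleId, so treat it as a template for your own idempotent deployment rather than something to run repeatedly.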

Optimize

  • Tune analytic rules based on real-world feedback to reduce false positives.
  • Configure data retention and archiving for the Log Analytics workspace to optimize Sentinel's storage costs.
  • Set up the cost management workbook for ongoing analysis of data ingestion and processing to manage Sentinel costs.
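The retention and cost steps above, as an added PowerShell example that is not part of the listing: it lists the most expensive tables over the last 30 days from the Usage table, then moves one noisy table to a shorter interactive retention with a longer total (archive) retention. The workspace names, the choice of the Syslog table and the 90/365-day split are assumptions.

```powershell
#Requires -Modules Az.Accounts, Az.OperationalInsights
# Added example (not the listing's own code): ingestion-by-table report and table-level retention.
param(
    [string]$ResourceGroupName = 'rg-secops',         # placeholder, assumed
    [string]$WorkspaceName     = 'law-sentinel-prod'  # placeholder, assumed
)
$ErrorActionPreference = 'Stop'
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $WorkspaceName

# 1. Which tables drive cost? Usage.Quantity is megabytes; IsBillable excludes free tables.
$byTable = @'
Usage
| where TimeGenerated > ago(30d) and IsBillable == true
| summarize GB = round(sum(Quantity) / 1024, 2) by DataType
| order by GB desc
'@
(Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $byTable).Results |
    Select-Object DataType, GB -First 15

# 2. Keep a noisy table interactive (queryable by analytic rules) for 90 days, but retain it
#    for a year in total so it is still searchable for investigations, instead of paying
#    interactive retention for the whole period. Table and durations are assumptions.
Update-AzOperationalInsightsTable -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
    -TableName 'Syslog' -RetentionInDays 90 -TotalRetentionInDays 365 | Out-Null

# 3. Confirm the table's retention settings.
Get-AzOperationalInsightsTable -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName `
    -TableName 'Syslog' | Select-Object Name, RetentionInDays, TotalRetentionInDays
```

Data beyond the interactive retention window is not visible to scheduled or NRT analytic rules, so only shorten interactive retention on tables whose detections do not need a long lookback.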

Deliverables

  • We will provide full as-built documentation of how the environment was designed and configured to meet your requirements.
  • We will provide up to 3 hours of training for your security team to get them started with Microsoft Sentinel.
  • We will provide sample playbooks, workbooks and threat hunting queries to get you started.

If you are interested in moving forward with a meeting to define project objectives, scope and pricing, please click Contact Me and a member of our team will contact you within 24 hours to schedule next steps.
