Optiv provides a professional services engagement focused on the implementation (or migration) and initial configuration of the client’s Microsoft Sentinel environment, to enhance security visibility within the enterprise and to streamline security investigations. This service includes the collection and integration of critical log sources, initial tuning of analytics rules, and the creation of workbooks, hunting queries, and basic incident management playbooks. During the engagement, Optiv provides knowledge transfer for all tasks completed.
Service Deliverables:

Optiv provides a Project Summary Report describing the work performed and the solution’s configuration in the following sections:
• Architecture diagram
• Configuration settings
• Use cases
• Data source details
• Recommendations and next steps

Integrate Log Sources
Integration of supported Azure Service logs, Authentication, Endpoint, Perimeter, Network, and Email logs. Unsupported log sources may require additional time to integrate.

Analytics Rules
• Enable up to 30 out-of-the-box Analytics rules
• Tune rules to lower false positives

Workbooks
• Enable out-of-the-box Workbooks associated with onboarded supported data sources
• Configure one (1) custom Workbook

Hunting Queries
• Create up to five (5) Hunting Queries

Playbooks
• Enable two (2) community-supported Playbooks

Entity Behavior (UEBA)
• Enable Azure Entity Behavior
Service Outcomes:
• Protection against the constantly evolving threat landscape by improving detection efficacy and focusing on the threats that matter
• Detection capabilities focused on the identified critical assets
• Application of best practices and lessons learned from Microsoft and industry experience to each unique environment