Azure Sentinel Tuning: 2-Week Implementation

Optiv Security Inc.

Optiv matures and optimizes the client's Azure Sentinel environment, including a review of the Azure Sentinel configuration and the supporting agent architecture.

Optiv documents the issues uncovered and works with the client to produce a prioritized list of next steps and improvements aligned with the client's unique needs. The service includes implementing the agreed improvements and configuration changes. Throughout the engagement, Optiv provides knowledge transfer for all tasks completed.

Engagement Methodology

Architecture and Data Source Review: Validate that best practices are followed for Azure Sentinel and the agent architecture. Conduct a data source workshop to identify the high-value data sources required for the client's use cases. Review the parsing of those data sources.

Content and Tuning Review: Conduct a use case workshop to identify the analytic rules, workbooks, hunting queries, and playbooks needed to deliver rapid value from Azure Sentinel. Identify existing analytic rules that need tuning to reduce false positives. Validate that workbooks, playbooks, and hunting queries work as expected and provide value.

Remediation and Optimization: Remediate, tune, and optimize the environment according to the agreed-upon recommendations.

Project Review and Documentation: Document findings and recommendations to mature Azure Sentinel and the client's security posture.

Service Deliverables: Optiv provides a Project Summary Report describing the work performed, Health Check findings, remediation, and recommendations in the following sections:
- Configuration settings
- Critical issues remediated
- Use cases to retire, adjust, or add
- Data sources to retire, adjust, or add
- Gaps in detective controls (sensors)
- Improvements in maintenance processes

Service Outcomes:
- Increased protection against the constantly evolving threat landscape by improving detection efficacy and focusing on the threats that matter
- Better detection capabilities focused on the identified critical assets
- Continued application of best practices and lessons learned from Microsoft and industry experience to each unique environment