Microsoft Sentinel XDR + SIEM Implementation Service: 60-day Implementation

AccountabilIT

Rapid deployment of a fully functional, custom instance of Microsoft Sentinel XDR + SIEM

Engage with our team of security implementation experts to rapidly deploy (or validate an existing) Microsoft Sentinel in your own Azure instance. Deliverables for the engagement include:

PHASE 1 - DISCOVERY & BASELINE DEPLOYMENT

  • We provision OR validate an existing customer-owned Azure subscription and Log Analytics workspace that will be leveraged for Microsoft Sentinel.
  • We deploy OR validate an existing Microsoft Sentinel installation and selected Log Analytics security solutions. We enable Azure Automation, Azure Logic Apps, and Azure Monitor per best practices in an Enterprise Sentinel deployment.
  • We configure relevant Microsoft Sentinel Data Connectors and validate the data fidelity for each data type.
  • We configure Microsoft Defender for Cloud coverage for Azure Arc servers and Azure VMs.
  • We configure and link Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps services.
  • We deploy Microsoft Monitoring agents with Azure Automation integration to Azure virtual machines and Azure Arc servers via policy. We enable Automation Updates, Inventory, Change Detection and Desired State Configuration (DSC) solutions.
  • We collaborate with your IT Staff to deploy and configure Microsoft Defender for Endpoint client app and Defender policy for Windows 10/11, iOS and Android devices enrolled in a functional Microsoft Intune instance. (Professional Services to perform or assist with a greenfield implementation/rollout of Microsoft Intune are not included).
  • We deploy a customized set of Microsoft Sentinel Incident Rules and Azure Monitor Alert Rules to facilitate the tuning, testing and notification process.
  • We enable notifications integrated with your existing customer Incident Management workflow. (This can simply be an email notification if there isn't a pre-existing Incident Management workflow in production.)
  • We initiate machine learning and data collection for Phase 2. NOTE: once initiated, this process takes a minimum of seven (7) days. Some machine learning (ML) based anomaly detection features require fourteen (14) days to provide optimal results.

PHASE 2 -

  • Review data collection details and select baseline triggers for solution inclusion - including investigation of all results returned from default hunting queries.
  • Perform alerting, thresholds, and notification path adjustments as needed - including development of DNS and IP whitelists.
  • Create a curated and customized set of Saved Workbooks relevant to the solution. Review Microsoft Sentinel Implementation success against desired results with the AIT Project Team and customer stakeholders.