Give an organisation an initial experience with Azure Sentinel by enabling up to 5 log sources, and discuss with nümad security the advantages and benefits of using Azure Sentinel.
INFORMATION GATHERING & PREPARATION
Strategic workshop and information gathering sessions to assess your current infrastructure (on-premises and cloud) and provide details on the costs and benefits of implementing Azure Sentinel.
* Define scope and expectations
* Outline roles and responsibilities
* Agree on deliverables and security controls to include in the Workshop (maximum of 5 for this workshop - including Office 365 and MDATP if applicable).
ACTIVATION OF AZURE SENTINEL
* Evaluate existing Azure deployment before initial configuration
* Enable Azure Sentinel cloud instance.
* Evaluate selected log sources or devices to implement (data connectors) in Azure Sentinel
* Ongoing knowledge transfer during initial configuration
DATA CONNECTORS | WORKBOOKS | ALERTS | PLAYBOOKS
* Based on the agreed log sources / devices, create alerts and playbooks for each source
* Optimize the deployed configuration (playbooks, correlation rules and alerts)
* Look at threat intelligence and hunting
* Knowledge transfer & training on Azure Sentinel in general
* Validate if the scope and expectations were met.
* Look for other security controls that could be integrated in Azure Sentinel in the future
* Document the deployed solution along with a cost analysis (current and future needs)
Envisioning and Implementation
Security & Monitoring