Sentinel: 5-Day Workshop


Give an organisation an initial experience with Azure Sentinel by enabling up to 5 log sources, and discuss with nümad security the advantages and benefits of using Azure Sentinel.

INFORMATION GATHERING & PREPARATION (DAY1)

Strategic workshop and information gathering sessions to assess your current infrastructure (on-premises and cloud) and provide details on the costs and benefits of implementing Azure Sentinel.

* Define scope and expectations
* Outline roles and responsibilities
* Agree on deliverables and security controls to include in the workshop (maximum of 5 for this workshop, including Office 365 and MDATP if applicable)

ACTIVATION OF AZURE SENTINEL (DAY2)

* Evaluate existing Azure deployment before initial configuration
* Enable Azure Sentinel cloud instance
* Evaluate selected log sources or devices to implement (data connectors) in Azure Sentinel
* Ongoing knowledge transfer during initial configuration

DATA CONNECTORS | WORKBOOKS | ALERTS | PLAYBOOKS (DAY3-4)

* Based on the agreed log sources / devices, create alerts and playbooks for each source
* Optimize the deployed configuration (playbooks, correlation rules and alerts)
* Look at threat intelligence and hunting
* Knowledge transfer & training on Azure Sentinel in general

CONCLUSION (DAY5)

* Validate whether the scope and expectations were met
* Look for other security controls that could be integrated in Azure Sentinel in the future
* Document the deployed solution along with a cost analysis (current and future needs)

Publisher: nümad
Service type: Envisioning and Implementation
Solution Areas: Security & Monitoring