Azure Sentinel: 3 day implementation

Sulava Oy

Planning and implementing the Cloud-native Security Information and Event Management system (SIEM) Azure Sentinel


Preparation call

  • Define full scope & align expectations
  • Schedule the work & plan attendees
  • Technical pre-requisites check

Workshop day 1:

  • Planning the role of Azure Sentinel in customer’s current security architecture & pricing review
  • Provisioning Azure Sentinel in customer’s Azure environment
  • Connecting available Microsoft cloud log sources
  • Defining log retention policy
  • Defining admin access to logs

Workshop day 2:

  • Configuring sample alerts in Sentinel Analytics
  • Walkthrough of utilizing detect / investigate / respond functionality
  • Creating a plan for connecting additional sources: on-premises servers, firewalls, 3rd party services etc. & Improving detection & response capability


  • Sentinel workspace provisioned
  • Long-term storage for Microsoft cloud log sources
  • Understanding for Sentinels basic operations
  • Capability for detecting & investigating anomalies
  • Plan & roadmap for integrating other log sources and improving detect & response capabilities