- Consulting services
Sentinel Migration: 4-Wk Proof of Concept
The purpose of a Microsoft Sentinel proof of concept (PoC) is to test how well the SIEM integrates with your existing infrastructure and meets your specific security needs.
➢ Microsoft Sentinel PoC High-Level Scope:
✓ Design Workshops - Gain a common understanding of your security objectives and requirements. During this workshop we will explore:
• Your environment
• Current security solutions
• Your security vision and objectives
• Past experiences with threats and how you monitor for them
• Azure Sentinel data sources
• Data visualization with Workbooks
• Automation
✓ Implementation - During this stage we will focus on the following:
• Workspace creation and configuration
• Onboarding data connectors (limited scope): Microsoft 365, Active Directory, networking devices, Windows servers, Linux servers
• Integrating threat intelligence with Microsoft Sentinel
• Creating analytics rules
• Configuring and using Entity Behavior
• Creating visualization workbooks
• Configuring playbooks (2 out of the box)
• Testing to validate that individual elements of the solution function as intended before full implementation in the production environment
• Testing in the production environment to validate that the implemented solution is functioning as designed
• Implementing ingestion from other tools where logs need to be sent to Sentinel and to cold storage simultaneously
• Moving Sentinel data to Azure Blob storage containers and querying the data with Kusto Query Language (KQL)
✓ Knowledge Transfer and Handover - During this stage we will focus on the following:
• Management of Microsoft Sentinel
• Operational aspects of Microsoft Sentinel
• Onboarding new connectors
• Assisting in configuring up to 3 third-party connectors for Microsoft Sentinel
• Assisting in ingesting logs into Sentinel via built-in, third-party, or custom connectors
• Creating new analytics rules, workbooks and automation
• Kusto Query Language overview for analytics rules
• Proactive threat hunting with Azure Sentinel
• Playbook creation