- Consulting services
Microsoft Sentinel in 30 Days: 4-Week Implementation
The Spyglass MTG Microsoft Sentinel in 30 Days offer helps our customers accelerate their move to Microsoft Sentinel to provide a scalable, cost-effective and secure cloud-based SIEM.
The Spyglass MTG Microsoft Sentinel in 30 Days: 4-Week $35K Implementation helps our customers accelerate their move to Microsoft Sentinel to provide a scalable, cost-effective and secure cloud-based Security Information and Event Management (SIEM). By using a cloud-native service within Azure you get all of the benefits of the secure hyperscale cloud environment that Microsoft provides. We will use the Cloud Adoption Framework and our Solution Accelerators to quickly and efficiently onboard and configure Microsoft Sentinel in your environment. This offer helps customers get started on or extend their use of Azure by providing the initial deployment of Microsoft Sentinel (formerly Azure Sentinel), which can then be integrated with additional on-premises and cloud-based systems to increase the effectiveness of your SOC.
The process we will follow during this deployment is guided by these principles:
Understand current SIEM environment and strategy for SOC.
Ensure a scalable and secure Microsoft Sentinel architecture.
Onboard initial log sources and develop common patterns for onboarding additional log sources.
Ensure analytics rules, workbooks and queries are in place and embedded in SOC processes, so that value is realized from initial Sentinel usage.
Agenda-
STAGE 1 – Analysis & Inventory (Wk 1): Review current SIEM platform, understand security operations strategy, discuss current cloud strategy.
STAGE 2 – Design & Deployment (Wk 2): Design Microsoft Sentinel Architecture, deploy environment with IaC.
STAGE 3 – Onboarding & Integration (Wk 2-3): Configure log ingestion, migrate SIEM content to Sentinel, customize Sentinel content, integrate with SOC processes.
STAGE 4 – Response (Wk 4): Conduct a user knowledge-transfer session, walk through alert investigation and remediation, and review response actions that can be automated.
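To make Stage 2 (deploy with IaC) and Stage 3 (analytics content in place) concrete, here is an added example of what a minimal Sentinel deployment looks like as infrastructure-as-code. It is not Spyglass MTG's accelerator code and is not taken from this listing; it is a stand-alone Bicep template that creates a Log Analytics workspace, enables Microsoft Sentinel on it, and ships one scheduled analytics rule so the SOC has a detection from day one. The workspace name, retention value, rule name and the KQL query are assumptions for illustration, and the rule assumes the Windows Security Events connector is already feeding the `SecurityEvent` table.

```bicep
// Added example, not the consulting offer's own accelerator code.
// Deploy with: az deployment group create -g <resource-group> -f sentinel.bicep

@description('Name of the Log Analytics workspace that backs Sentinel (assumed name).')
param workspaceName string = 'law-sentinel-prod'

@description('Azure region for the workspace; defaults to the resource group region.')
param location string = resourceGroup().location

@description('Interactive retention in days; 90 matches the Sentinel default window (assumed value).')
param retentionInDays int = 90

// 1. The workspace. Every ingested log lands here, so SKU and retention drive cost.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
    retentionInDays: retentionInDays
  }
}

// 2. Enable Microsoft Sentinel on the workspace. This is an extension resource
//    scoped to the workspace; the name must be 'default'.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: workspace
  properties: {
    customerManagedKey: false
  }
}

// 3. One scheduled analytics rule so the first log source produces incidents.
//    Assumption: the Windows Security Events connector populates SecurityEvent.
//    Detection: 20 or more 4625 (failed logon) events from one IP in 10 minutes.
resource failedLogonBurst 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  name: guid(workspace.id, 'failed-logon-burst')   // rule IDs must be GUIDs
  scope: workspace
  kind: 'Scheduled'
  dependsOn: [
    sentinel   // Sentinel must be enabled before rules can be created
  ]
  properties: {
    displayName: 'Burst of failed logons from one source IP (example rule)'
    description: 'Example detection: >= 20 Windows 4625 failures from a single IP within 10 minutes.'
    enabled: true
    severity: 'Medium'
    query: '''
SecurityEvent
| where EventID == 4625
| summarize Failures = count(), Accounts = dcount(TargetUserName) by IpAddress, bin(TimeGenerated, 10m)
| where Failures >= 20
'''
    queryFrequency: 'PT10M'       // run every 10 minutes
    queryPeriod: 'PT10M'          // over the last 10 minutes of data
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0           // any row returned raises an alert
    suppressionDuration: 'PT1H'
    suppressionEnabled: false
    tactics: [
      'CredentialAccess'
    ]
    techniques: [
      'T1110'
    ]
    // Group alerts for the same IP into one incident instead of one per run.
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT1H'
        matchingMethod: 'AllEntities'
      }
    }
    // Map the IpAddress column to an IP entity so investigation graphs work.
    entityMappings: [
      {
        entityType: 'IP'
        fieldMappings: [
          {
            identifier: 'Address'
            columnName: 'IpAddress'
          }
        ]
      }
    ]
  }
}

output workspaceResourceId string = workspace.id
```

The value of keeping this in source control is the "common pattern" called out in the principles above: each additional log source or detection becomes another module or rule resource reviewed and deployed the same way, rather than clicked together in the portal. Before enabling a rule like this in production, check which identities actually generate 4625 bursts (scanners, service accounts with expired passwords) and tune the threshold or add an allow-list, otherwise the first week of incidents will be mostly noise.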
Deliverables- at the end of the 4-week jumpstart, we will deliver a fully functioning Microsoft Sentinel environment for an initial set of log sources, along with content to help operationalize the usage of the new SIEM platform.