https://store-images.s-microsoft.com/image/apps.42950.65a1ba0e-e4ea-45db-aaf9-081ca17e02d8.c150ca64-ae10-4bba-b754-1be914a968b7.9f0cdf37-f1ab-4e68-88e6-a3609f9a5dd5
Security Insight
LAB3 Solutions
Security Insight
LAB3 Solutions
Security Insight
LAB3 Solutions
Automate the deployment, maintenance & cyber security detection & response using Microsoft Sentinel.
About
Security Insight leverages automation to provide greater threat detection & response for distributed and autonomous xOps teams. Think deployments in minutes, not months. It bridges cloud and as a Service to on premises security operations for businesses, government and Managed Security Service Providers (MSSP).
Security Insight provides rapid speed to value, security posture visibility, risk insight, and cyber security assurance automation for distributed and autonomous xOps teams.
Security Insight provides 24x7 visibility into cyber security threats, vulnerabilities and overall posture, without the hassle or overhead of managing the operations of the platform, while ensuring the data stays in your tenancy, ready to meet requisite compliance standards and certifications.
Security Insight is for organisations who require Security Detection and Response in minutes, not months and are looking for an out of the box solution pre-configured with workbooks and analytics to be up and running fast. Security Insight is for organisations who don't necessarily have a dedicated security operations team and are not looking towards developing custom hunting and analytics.
At the end of your licence period you are required to remove Security Insight from your environment and Microsoft’s Sentinel offboarding processes and timeframes will apply. Details of the offboarding process can be found here Remove Microsoft Sentinel.
Benefits
- CONTEMPORARY CYBER SECURITY MANAGEMENT - Have security built into your systems and apps so you can identify threats faster & safely launch new apps sooner.
- THREAT HUNTING COVERAGE - Gain the ability to respond faster, when a security event occurs through real time detection & alerts of any unusual patterns of activity.
- START FAST WITH GOVERNANCE COVERED - Fast and agile deployments by code with prebuilt Playbooks, Alerts and Custom Log Sources templates that are designed to meet world leading security standards, ticking IRAP & ISO27001 requirements.
Deployment Instructions
- Create an empty resource group for the deployment (this can be done as part of the deployment)
- Deploy from the marketplace, selecting the required packages, log retention period and storage reservation (if required)
- Complete the post deployment tasks to enable Azure AD Integration and Azure Policy deployment using the Security Administrator directory role
- Complete the post deployment tasks to enable CT-Eye Threat Intelligence feed
Post Deployment Tasks
1. Add Microsoft Roles & Permissions - Roles and permissions in Microsoft Sentinel | Microsoft Learn
2. Enable Diagnostic Settings for Azure Logging - Enable diagnostics settings by category group using built-in policies. - Azure Monitor | Microsoft Learn
3. Enable Azure Active Directory Logging - Stream Azure Active Directory logs to Azure Monitor logs - Microsoft Entra | Microsoft Learn
4. Connect Microsoft 365 Defender - Connect Microsoft 365 Defender data to Microsoft Sentinel | Microsoft Learn
5. Enable Microsoft 365 and other Microsoft API based services - Connect Microsoft Sentinel to other Microsoft services with an API-based data connector | Microsoft Learn
6. Enable Threat Intelligence (Requires Cloud Application Administrator permission) - Enable the Threat Intelligence connector in Microsoft Sentinel by going to Configuration, Data Connectors, Threat Intelligence Platforms (Preview), Open Connector page, follow the instructions, create an Azure Active Directory app registration called app-security-cteye-intel as a single tenant account type, enable Graph API permission for ThreatIndicators.ReadWrite.OwnedBy with admin consent then contact our support team to provide your ClientID & TenantID of your Azure Active Directory app registration and notification email address.