Managed Sentinel

Amesto Fortytwo AS

An always updated cyber security and threat management platform

Amesto Fortytwo Managed Sentinel is a service that lets you focus on your core business. Our cyber security experts make sure your Microsoft Sentinel solution is always up to date with the latest threat detection mechanisms and properly integrated with other Microsoft security products, such as Microsoft 365 Defender. Should an incident be reported, your incident responders will be notified and guidance on response will be provided through a workbook, to keep your environment safe. Optionally, we can also offer an incident response team through our Managed Detection and Response service.

All of Amesto Fortytwo's managed services are deployed using Continuous Integration / Continuous Deployment (CI/CD). This means that you will always be on the "latest version", and never be in a situation where an implementation or upgrade project is needed in order to get to the most recent release. It also means that any new detection rules, workbooks, or other functionality added to the managed service are automatically available to you.


Amesto Fortytwo has security experts with extensive platform knowledge of Microsoft Sentinel and, more importantly, of all the Microsoft cloud services logging to Microsoft Sentinel. This enables us to properly identify what to look for in your logs, implement analytics rules, evaluate the criticality of the resulting incidents and help customers properly respond to detections. Your experts will be able to communicate with our experts through a Microsoft Teams shared channel.

Amesto Fortytwo services

The following services are provided by Amesto Fortytwo to properly manage, maintain and monitor your Microsoft Sentinel solution:

  • Continuous Deployment from Amesto Fortytwo, always running the latest version of our recommended Microsoft Sentinel configuration.
  • Large set of analytics rules that will create incidents, such as:
    • User signing in from IP address related to ransomware attack
    • Unusual usage pattern from service principal
    • Changes have been made to conditional access policies
    • Break glass account has been used to sign in
    • One of the designated VIPs has denied a multi-factor authentication notification
  • An incident response workbook with detailed guidelines on how to respond to each incident
  • Configuration of recommended TAXII providers for threat information
  • Connector and log monitoring
    • Get notified if any anomaly is detected in log sources, such as a service that stops logging
    • Guidance on adding the correct connectors

Because the service runs in your own Azure subscription, in the unlikely event that you choose to cancel the service, the Microsoft Sentinel configuration will remain in your environment and Sentinel will continue to function.

If you have an existing Microsoft Sentinel workspace, already populated with logs, we can deploy to that workspace rather than establishing a new workspace.