Azure Sentinel Deployment

Microsoft Azure Sentinel is a best-in-class cloud-native SIEM (Security Information and Event Management). It collects and analyzes activity from across your entire IT infrastructure to detect threats, discover trends and enable your organization to take action.

  • Phase 1: Provisioning

    Azure Sentinel setup

    Onboarding log sources

    Usage reports

    Threat intelligence feed

    Silent log monitoring

  • Phase 2: Analysis

    Review Azure consumption per log source type

    Identify additional log sources

    Review security value vs. cost

    Integration with other security products

  • Phase 3: Use Case Configuration

    Deploy Sentinel alert rules

    Configure playbooks

    Configure dashboards (workbooks)

    Create log parsers

    Add additional log sources

  • Phase 4: Tune-Up

    Sentinel alert rules tune-up

    Additional optimization of log ingestion

    Regular meetings with customer

    Executive dashboard

    Knowledge transfer

Typical Log Source Types:

On-premises: Firewalls, Windows AD, VPN, Critical servers’ system & health, Web sites, IPS/IDS, EDR, URL Filtering

Cloud: O365, Azure AD, ASC, AWS, PaaS & IaaS components, DNS

*50+ custom data connectors and log parsers available in our catalogue

Azure Sentinel Deployment

10-15 days average project duration

Low impact on the customer environment

Full integration with Microsoft Security Stack

Full SOAR rollout

*Azure Sentinel hosted in customer’s Azure subscription