Deploy Azure Sentinel in the customer’s environment
Target: Deploy Azure Sentinel in the customer’s environment, perform remote monitoring and, optionally, threat hunting, and demonstrate the basic visibility that the solution can provide into the customer’s environment.
• Active Azure Subscription
• Log Analytics workspace (if you do not have one, it will be created for you).
• Contributor permissions to the subscription in which the Azure Sentinel workspace will reside.
• Contributor or reader permissions on the resource group that the workspace belongs to.
• Additional permissions may be needed to connect specific data sources.
• Acknowledgment of Azure Sentinel pricing (it is a paid service).
• Implemented cloud native SIEM for chosen log sources.
• Enhanced security visibility across cloud and on-premises environments.
• The customer gets an environment in which to prioritize and mitigate potential threats.
• Defined deployment roadmap for the production deployment of Azure Sentinel.
• Defined next steps based on their needs and objectives.