Microsoft Sentinel Quick Start

Edgile, Inc.

A production pilot that delivers centralized log collection, detection of previously undetected threats, AI-assisted investigation, and rapid response to incidents.

The Edgile Microsoft Sentinel Implementation is an accelerator for successfully deploying and implementing Microsoft Sentinel in your environment. Working with some of the largest companies in aerospace, manufacturing, healthcare, and financial services, we have developed and deployed models that make implementing Microsoft Sentinel infrastructure into an environment a superb experience. We bring the technical expertise and world-class SIEM/SOAR architects that enable companies to move quickly past the technical intricacies of implementing SIEM/SOAR technology in their environments.

Our approach leverages the SIEM/SOAR capabilities within Microsoft Sentinel with a focus on data ingestion from the Microsoft 365 suite as well as Out of the Box connections for common attack signaling products.

Data Connectors – There are hundreds of data connectors for the most popular IT security and compliance products. Many of them can be connected with the click of a button, which makes it easy to set up and start ingesting your data into Microsoft Sentinel. Many data connectors also ship with prebuilt workbooks that provide out-of-the-box data visualization, and these workbooks can be customized further to deliver the visualization each audience needs.

Analytic Rules – Microsoft Sentinel ships with thousands of pre-built analytic rules, which allows rapid deployment of detections for the most current attacks. These rules are updated continually, which helps keep pace with the ever-increasing rate at which new threats and vulnerabilities must be watched for. Rules can be mapped to any tactic within the MITRE ATT&CK framework.

Automation – One of the most powerful components of Microsoft Sentinel is the ability to take the indicators and events surfaced by rules and alerts and trigger an automatic response when they occur. Playbooks, including ones that call Azure Function apps, carry out a specific action when an event occurs within Sentinel. Building out threat hunting queries allows proactive searching for threats within the environment. Developing specific rules to handle false positives addresses the main struggle of SIEMs, the volume of white noise they produce, without compromising security.
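The following is an added example, not Edgile's material or Microsoft's own content, showing how an analytic rule, a watchlist, and false-positive handling fit together in Microsoft Sentinel. It is a scheduled analytic rule query in KQL that flags an account with many failed sign-ins followed by a success from the same source IP, and suppresses sources listed in a watchlist. It assumes the Azure AD SigninLogs table is being ingested and that a watchlist with the alias KnownGoodSourceIPs exists with IPAddress as its search key; both names are assumptions for this example.

```kql
// Added example (not Edgile's or Microsoft's code): scheduled analytic rule query.
// Assumes the SigninLogs table is ingested and a watchlist aliased
// 'KnownGoodSourceIPs' exists whose search key is the IPAddress column.
let lookback = 1h;
let failureThreshold = 10;
// Watchlist-driven allow-list used to suppress known-good sources (false positives).
let knownGood = _GetWatchlist('KnownGoodSourceIPs')
    | project IPAddress = tostring(SearchKey);
// Accounts with many failed sign-ins from the same IP in the lookback window.
// In SigninLogs, ResultType "0" is success; any other value is a failure.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailureCount = count(), FirstFailure = min(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailureCount >= failureThreshold;
// A success from the same account and IP after the failures began.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failures on UserPrincipalName, IPAddress
| where TimeGenerated > FirstFailure
// Drop any source IP on the allow-list watchlist.
| join kind=leftanti knownGood on IPAddress
| project TimeGenerated, UserPrincipalName, IPAddress, FailureCount, AppDisplayName
```

When this query is saved as a scheduled rule, the account and IP columns are mapped to the Account and IP entities in the rule wizard, and an automation rule can then attach a playbook to the resulting incidents. Tuning is done by adding entries to the watchlist rather than editing the query, which keeps the detection logic stable while the noise is managed.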

Deliverables:
• Identify other data connectors that are suitable for your environment
• Identify pre-requisites for the data connectors identified for configuration
• Configuration of all data connectors for data ingestion into Microsoft Sentinel
• Setup of the automation rules within Microsoft Sentinel

Scope included:
• Microsoft Sentinel Operations Plan
• Quick Start deliverables
• Required workbooks
• Watchlists
• Improved MITRE ATT&CK coverage
• Microsoft Sentinel Playbooks configured with automation rules
• Hunting Queries
• Training sessions with the applicable stakeholders
