One-time platform configuration for Microsoft Sentinel

YASH Technologies

Microsoft Sentinel one-time platform readiness is a 4- to 8-week implementation activity to configure Sentinel.

Suitable for any enterprise wishing to implement a new Sentinel SIEM solution in its organization to monitor and triage security alerts, events and incidents and to improve its cybersecurity posture periodically. YASH's standard process to configure, onboard and integrate your enterprise assets, and to enable monitoring of your organization's security alerts through Sentinel, will be applied to your enterprise.

YASH will perform the following activities as part of the Microsoft Sentinel readiness:

  • Due Diligence Discovery
    1. Existing processes for investigation, remediation and automation
    2. Compliance requirements
    3. Identify critical assets
    4. Log retention and storage policies
    5. Integration with ITSM and IAM
    6. Deliverables:
      • Discovery Analysis
      • New Solution Go-Live Plan
  • Environment Readiness
    1. Design integration with existing infrastructure and third-party resources
    2. Review MITRE ATT&CK coverage
    3. Configure Microsoft Sentinel workspace with required features
    4. Device onboarding
    5. Deliverables:
      • Design Workshop
      • Design Documentation
  • Data Sources and Monitoring Services
    1. List all data sources integrated
    2. Identify connectors and data parsers in Microsoft Sentinel
    3. Identify custom data connectors for specific log sources
    4. Deploy Microsoft Azure Monitor agent
    5. Deploy integration for ITSM, SOAR and threat intelligence platform
    6. Deliverables:
      • Data Sources Integration
      • Event Correlation
  • Alert Rules and Automation Playbooks
    1. Create playbooks and automation rules
    2. Implement automation through Microsoft Azure Logic Apps
    3. Workbook-driven dashboards
    4. SOC governance
    5. Security audit and compliance checks
    6. Deliverables:
      • Implement Workbooks and Playbooks
      • KQL Queries, Custom Alerts

 
