Calibrate

Continuous best practice setup.

Sentinel optimised against best practices, benchmarked against peers. Stop guessing what to enable, what to retire, and what is costing you.

+124% MITRE coverage
How it works

One score for your Sentinel setup.

Calibrate audits every detection rule, log source and configuration in your workspace, then rolls them into a single calibration score out of 200. Three sub-scores show exactly where your setup is solid and where it needs attention.

    0-200

    calibration score scale, the higher the healthier your Sentinel setup

    1-click

    updates straight from the recommendation

    Live

    score, every change moves the score

Calibration score
0
/200
Good
Alert rules Warning
0
/100
Log sources Good
0
/80
Configuration Good
0
/20
Capabilities

Everything Calibrate handles for you.

Six purpose-built capabilities, each tied to a specific gap in a real Sentinel setup. No fluff. No overlap.

01

Best-practice configuration

Sentinel set up against industry-proven defaults from day one. No guesswork on what to enable, what to retire, or what is silently costing you money.

02

Automatic update of outdated rules

Detection rules stay current as Microsoft ships new content and as the threat landscape shifts. The right changes are pushed for you, with no manual upkeep.

03

Change log and configuration tracking

Every tweak is recorded with who, what and when. Audit your setup history, roll back a bad change in one click, and prove compliance without spreadsheets.

04

Your score and benchmark for setup quality

One score tells you how strong your Sentinel setup is right now, and how it compares to peers in the same industry. Watch it move as you act on recommendations.

05

Recommendations for alert rules, log sources and settings

Concrete next steps ranked by expected impact and tailored to your actual environment. Each suggestion shows what it changes and what it costs, so you can act with confidence.

06

Cost transparency for log sources

Overview of what your log sources actually cost on a detailed table level.

One click

Easily follow all recommendations

Calibrate does not just tell you what is wrong - it fixes it. One button applies every recommendation at once, so following best practice takes a click, not a project. It removes the expert from the expert system: You get a senior engineer’s decisions without needing one on staff.

Recommendations

Enable missing alert rules

Follow best practice setup

Fix misconfigured log sources

Follow all recommendations
The idea

Cover more of the attack chain. Cut the noise.

Two moves, working together. We add the detection rules you are missing, so more of the MITRE ATT&CK chain is covered and the gaps attackers slip through get smaller. Then Machine Learning strips out the false positives, so your team is not buried in noise. No detection is perfect - misclassification happens, just as it does in a manual SOC - but with far broader coverage it gets much harder for an attacker to move unnoticed. And you get there without spending expensive hours on detection engineers.

InitialAccessExecutionPersistencePrivilegeEscalationDefenseEvasionCredentialAccessLateralMovementExfiltrationImpactTypical setupWith SeculyzeAttacker moves across the chain →Detection coverageNo coverage
More pillars

The full Seculyze product.

Calibrate is one of four pillars. Each works on its own. Together, they reshape how your SOC runs.

Questions we hear

Before you ask.

What does Seculyze Calibrate actually do for my Microsoft Sentinel setup?

Calibrate audits every detection rule, log source and configuration in your Sentinel workspace against industry best practices and rolls the result into one continuous score. It tells you exactly what to fix, in priority order, and lets you apply most fixes in 1-click straight from the recommendation.

Will Calibrate work with my custom alert rules and third-party log sources?

Yes. Calibrate scores and benchmarks rules from Microsoft standard as well as third-party log sources and custom detections. Recommendations are tailored to your actual environment, not a generic checklist.

How is the Calibration score calculated?

The score totals up to 200 points across three areas: alert rules (up to 100), log sources (up to 80) and configuration (up to 20). Every change in your tenant moves the score live, so you always see how strong your setup is right now and how it compares against peers.

Does Calibrate change my Sentinel rules without asking?

No. Calibrate recommends - you decide. Every change is reviewed before it is applied, recorded in a change log with who, what and when, and can be rolled back. Auto-update for outdated Microsoft-shipped rules is opt-in.

How long does it take Calibrate to give us a useful score?

Calibrate is API-native to Microsoft Sentinel and Defender, so there is nothing to deploy. The first calibration score is available within minutes of connecting; recommendations refine as the system learns your environment over the first days.

Will Calibrate increase our MITRE ATT&CK coverage?

Yes. Customers using Calibrate increase MITRE ATT&CK coverage by up to +124% by closing gaps in detection rules and log sources flagged in their calibration report.

Ready when you are

Let AI do the heavy lifting.

See how Seculyze transforms a live Sentinel workspace in a 30-minute demo. No slides, just the product.

Talk to sales