Microsoft Sentinel Configuration is optimizing value

Microsoft Sentinel Configuration is intended to secure your business through optimized use of the Microsoft SIEM system. Microsoft Sentinel is an expensive solution – but also a clever solution.
At Seculyze we have been installing and configuring Microsoft Sentinel from its very first release. Out of the box, it provides value. Tweaking it significantly increases its value.
Microsoft Sentinel Configuration questions as input
Seculyze can help you uncover your configuration needs. From this initial assessment, we can implement and configure your Microsoft Sentinel SIEM. This can be a first-time installation and configuration, or a modification of an already running installation to provide more value to you and your business. Ask yourself:

Are the correct alert rules enabled?
Depending on your environment, we make an assessment of whether you could gain more value from enabling the correct rules.

Are the correct alert rules disabled?
Some rules create noise, which could lead to alert fatigue. We analyze your enabled rules and disable the rules that do not present value to you.

Are the correct log sources attached?
Log sources need to be attached before situations can be analyzed. We check the logs against the rules and attach the required sources.

Are the correct features enabled?
Depending on your in-house team and setup, some features can create more or less value which we can enable or disable.

Are you using intelligent playbooks to optimize the workflow?
Making intelligent workbooks helps make the in-house cybersecurity team efficient. Let us help you make them.

Did you know?
This is the reason Seculyze was started. Part of our software provides ongoing tweaking of your Microsoft Sentinel Configuration through the Health score.
Microsoft Sentinel Configuration:
A recurring task
Your IT environment changes
Your surroundings change
The attackers change
Microsoft Sentinel changes
→ Therefore, Microsoft Sentinel Configuration is not a one-time thing. It needs to be tweaked, especially after the initial configuration and for the following 3 – 6 months. Here, the value comes from knowledge of the baseline.
The largest value, though, is obtained when rules and setup are tweaked on a running basis, at least annually.
