Setting up and optimising Microsoft Sentinel

This consultation project involved setting up Microsoft Sentinel to help with the detection, investigation, and response to cybersecurity threats in the organisation's cloud landscape.

It started with the deployment of Content Types such as Content Hub Solutions, Data Connectors and Analytics Rules. Content Hub Solutions included those that scan for threats across Azure Services such as Azure Activity, Microsoft Defender for Cloud, Microsoft Defender XDR and Microsoft Entra ID.

Further scope within the project involved the maintenance of those data connectors against their Content Hub Solutions. Suggestions were also made for ongoing changes for add/update/delete Content Hub Solutions based on this review.

Part of the project involved reviewing Analytics Rules for missing/disabled threat detections and making a list of suggested changes/updates to increase their rule coverage.

I include an example image of the documentation that shows how to configure and manage Analytic/Detection Rules used in Microsoft Sentinel.

As this project is under NDA (Non-Disclosure Agreement), I am unable to share full details due to confidentiality reasons. Verification for this work can be confirmed by the project sponsor who has provided a recommendation/review:

https://contra.com/jason_smyth_cyber/reviews (David, Blueprint)