Event details
During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentine...
Trevor_Rusher
Updated Dec 27, 2024
John Aubrey
Apr 13, 2023
Occasional Reader
We are just starting down the Sentinel/XDR/SIEM/SOAR route. We didn't have anything in place before this outside Defender AV. We have some alerts and hunting queries set up, but is there a next step? Where do you see customers going from here? What are the hurdles that are commonly seen from customers?
Dean_Gross
Apr 13, 2023
Silver Contributor
John, I frequently see our clients focusing on using their new tools like Sentinel when they have not yet ensured that security baselines are in place. People go for the new shiny things instead of doing the basics. I strongly recommend focusing on implementing the secure score recommendations because this will decrease the noise in Sentinel.
Also, spend some time getting familiar with the numerous Workbooks in Sentinel; they will provide a wealth of information about the environment.
Make sure to use Watchlists; they can provide many benefits.