Forum Discussion

Larissa_ADEGBIDI's avatar
Larissa_ADEGBIDI
Copper Contributor
Jan 28, 2021

Integration of Azure Sentinel

Hi everyone, I've discover Sentinel recently, hence why i have some basics questions. Here they are: I would like to know in a practical way how Sentinel fits into the architecture of a company ? I...
GaryBushey's avatar
GaryBushey
Bronze Contributor
Jan 28, 2021

Larissa_ADEGBIDI For most of your questions, I recommend reading the Azure Sentinel Ninja training: https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310

 

In a nutshell, everything that Azure Sentinel knows depends on the data it is ingesting via data connectors.  There is always going to be a balance between having the needed data and having to pay for all that data.

 

In regards to how much time it would take I'll give the typical consultant answer:  It depends 🙂    It will depend a lot on what data you want to ingest (and where it is located; Azure, on-prem, elsewhere), what rules will need to be created to use this data (although Azure Sentinel has a lot of rule templates they do not cover every possible data source), custom workbooks and playbooks, and how much training is needed (are you going to be doing the maintaining, monitoring, and investigation or let a Managed Service provider handle it?).

 

Larissa_M_Adegbidi's avatar
Larissa_M_Adegbidi
Copper Contributor
Jan 28, 2021
Thanks Gary Bushey!

Resources