Azure Sentinel Deployment Best Practices
Employ best practices to support a stable, cost-effective, and operationally effective implementation of Microsoft’s cloud-native security information and event management (SIEM) platform.
This white paper provides security organizations with a practical field guide to develop a deployment strategy for Microsoft Azure Sentinel.
It is intended to serve as a reference and planning document, primarily for CISOs, security architects, enterprise architecture, and project management leaders who need to learn the requirements for a successful implementation of Azure Sentinel.
Included in this white paper:
- Cloud SIEM architecture:
– Core Azure Sentinel solution components
– Data sources
- How to implement a new Azure Sentinel solution:
– Project resourcing
– Benchmark project effort and duration
– Architecture planning and considerations
– Scenarios for migrating from existing SIEM solutions
- Azure Sentinel business considerations:
– Evaluating your data ingestion against use cases
– Log ingestion strategies
– Budgeting for Azure Sentinel costs
– Ongoing cost monitoring and evaluation