Azure Sentinel Deployment Best Practices

Employ best practices to support a stable, cost-effective, and operationally effective implementation of Microsoft’s cloud-native security information and event management (SIEM) platform.

This white paper provides security organizations with a practical field guide to develop a deployment strategy for Microsoft Azure Sentinel.

It is intended to serve as a reference and planning document, primarily for CISOs, security architects, enterprise architecture, and project management leaders, to learn the requirements for a successful implementation of Azure Sentinel.

Included in this white paper:

  • Cloud SIEM architecture:
    – Core Azure Sentinel solution components
    – Data sources
  • How to implement a new Azure Sentinel solution:
    – Project resourcing
    – Benchmark project effort and duration
    – Architecture planning and considerations
    – Scenarios for migrating from existing SIEM solutions
  • Azure Sentinel business considerations:
    – Evaluating your data ingestion against use cases
    – Log ingestion strategies
    – Budgeting for Azure Sentinel costs
    – Ongoing cost monitoring and evaluation