Azure Sentinel Deployment Best Practices

July 14, 2021

Employ best practices to support a stable, cost-effective, and operationally effective implementation of Microsoft’s cloud-native security information and event management (SIEM) platform.

This white paper provides security organizations with a practical field guide to develop a deployment strategy for Microsoft Azure Sentinel.

Intended to serve as a reference and planning document primarily for CISO, security architects, enterprise architecture, and project management leaders to learn the requirements for a successful implementation of Azure Sentinel.

Included in this white paper:

  • Cloud SIEM architecture:
    – Core Azure Sentinel solution components
    – Data sources
  • How to implement a new Azure Sentinel solution:
    – Project resourcing
    – Benchmark project effort and duration
    – Architecture planning and considerations
    – Scenarios for migrating from existing SIEM solutions
  • Azure Sentinel-business considerations:
    – Evaluating your data ingestion against use cases
    – Log ingestion strategies
    – Budgeting for Azure Sentinel costs
    – Ongoing cost monitoring and evaluation