Have you invested in MS Sentinel but would like some extra assistance to ensure utilisation and efficiency?

Microsoft Azure Sentinel Acceleration Programme’, designed specifically for organisations interested in MS Sentinel and leveraging as much of the functionality as possible. This programme is deployed via an agreed number of days, delivered over an agreed period.

Working with one of our senior SIEM engineer and security specialist. The agreed period enables the feeds to be ingested and for you to have appropriate time to develop your awareness and ask any questions that you may have.

Throughout the process, the SIEM Engineer, SOC Analysts and Security Consultants are available to support the project.

Our Projects are carried out in two phases:

<span>Phase One</span>Onboarding/Knowledge
Phase OneOnboarding/Knowledge

Kick-off workshop to cover roles and responsibilities, systems to be monitored, and documentation requirements

Full system overview and deep dive into functionality

Produce Plan, write-up, and document how the solution will address the requirements documentation to cover the requirements

Identify or build out data source connectors event collectors and parsing rules of log sources

Provide further value by making rule set and optimisation improvement recommendations

<span>Phase Two</span>Build Effectiveness
Phase TwoBuild Effectiveness

CyberCrowd follow the CREST Cyber Security Incident Response Guide, which follows a Prepare, Respond and Follow Up methodology.

During Phase Two, we propose that this methodology is implemented, providing an additional assurance for both stakeholders and customers.

CyberCrowd can also work on bespoke rules and use cases as well as heavy tuning of the environment to get to the lowest achievable FPP (False positive possibility).

Ready to Get Started?

Your email address will not be published. Required fields are marked *