Build an Azure Sentinel lab - part two: automated access provisioning

Learn how to automate access provisioning within your Azure Sentinel lab

In the first post of our Azure Sentinel lab-building series, we learned how to deploy a team lab in a fully automated manner. Using Azure Bicep, it was possible to automatically provision a lab that included a Sentinel SIEM alongside a configurable number of virtual machines. Moreover, the lab included a Sysmon-based solution allowing users to create detection analytics targeting real-life adversary behaviours. Finally, the lab could be deployed and destroyed on demand, helping to save costs.

Build an Azure Sentinel lab - part one: deployment automation basics

Azure Sentinel is a key player in the cloud SIEM space. Learn the fundamentals by deploying a cheap, yet capable, lab

Since being launched in 2019, Azure Sentinel has quickly secured a spot within the Security Information and Event Management (SIEM) space. In a market dominated by Microsoft software, its integration capabilities with the Azure Cloud platform and the Defender endpoint protection ecosystem have provided the platform with significant competitive advantages. Moreover, its ease of deployment has upended the timelines and complexity typically associated with SIEM implementation projects.

As more businesses look to migrate to or adopt Azure Sentinel, security teams must be ready to support their organisation’s ambitions - a Sentinel lab can help get your team ready before the time comes.