MICROSOFT SENTINEL DEPLOYMENT AND EVALUATION
Torri, Luke Mikael (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022121630403
Abstract
This thesis was a research and implementation project on Microsoft Sentinel, a cloud-based security information and event management (SIEM) tool. The opportunity for the thesis work came from a company called Marskidata, where Microsoft products were heavily used but Sentinel was still unknown. My goals were to demonstrate how to implement Microsoft Sentinel in an existing company environment and to evaluate how useful Sentinel is, and in what situations.

All the work was done in Marskidata's Azure cloud environment. The first implementation of Sentinel was done in my own demo Office 365 environment, and after learning and studying Sentinel there, a fully functional version was configured in a working Marskidata cloud environment. Documentation was written as I learned new skills and concepts along the way. Microsoft Sentinel is relatively easy to deploy to an existing Azure cloud environment. All the surface-level and default tools are simple to understand and use, but the actual hunting and incident response work becomes complicated for an inexperienced user. Microsoft Sentinel turned out to be an excellent tool for responding to new threats.

Sentinel is not for every network or organization; it is hard to use, and it is relatively costly. I wanted to get an idea of where Sentinel suits best, in what size and type of organization. Generally, the bigger the environment, the more value Sentinel brings, with some exceptions.
