Optimize your Sentinel Operations with this Workbook

Andre Camillo, CISSP
Published in Microsoft Azure
2 min read, Dec 17, 2023

Managing a cloud SIEM requires deliberate deployment of your ingestion sources, driven by the security use cases each source serves. It’s a fact.

As such, knowing how your sources are being used, and how many workbooks and analytics rules are enabled per source, is the kind of information your SOC (and likely your MSSP) needs to surface and report to management.

These are some of the reasons for, and use cases of, a recently released Sentinel workbook called “Microsoft Sentinel Optimization Workbook”.

From one of the creators themselves

I recently sat down to chat with one of the product managers leading the creation of the workbook. He provided an overview of what can be achieved with it; I highly recommend you have a look:

https://www.youtube.com/watch?v=vBGb0MmCm8k&t

The Workbook

The Workbook is comprised of 3 pillars, or sections:

☑️ Cost and Ingestion Optimization,

☑️ Operational Optimization and Effectiveness, and

☑️ Management and Acceleration.

I personally am a big fan of the Billable data breakdown insight.
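As an added example that is not part of the original post or of the workbook’s own queries, the KQL below reproduces the core of that insight from the Usage table, which every Log Analytics workspace populates. The 30-day window, the output column names and the GB conversion are the example’s own choices, not the workbook’s.

```kql
// Added example (not from the post or the workbook): billable ingestion per
// table over the last 30 days. Usage.Quantity is in MB; IsBillable marks
// data types that count toward ingestion charges.
let lookback = 30d;
let days = 30;
let billable = Usage
    | where TimeGenerated > ago(lookback)
    | where IsBillable == true;
// Workspace-wide billable total (GB) for the same window, used for the share column.
let totalGB = toscalar(
    billable
    | summarize TotalMB = sum(Quantity)
    | project TotalMB / 1024.0);
billable
| summarize IngestedMB = sum(Quantity) by DataType
| extend IngestedGB = round(IngestedMB / 1024.0, 2)
| extend PercentOfTotal = round(100.0 * IngestedGB / totalGB, 1)
| extend AvgGBPerDay = round(IngestedGB / days, 2)
| project DataType, IngestedGB, AvgGBPerDay, PercentOfTotal
| sort by IngestedGB desc
```

Run it from the Logs blade of the Sentinel workspace. The top rows are the tables to review first against the use cases they actually feed; dropping the `IsBillable == true` filter shows the non-billable tables alongside them, and the per-day average is what to compare against a commitment tier.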

The Workbook can be found in Sentinel’s Content Hub, steps below:

  1. Within Sentinel, signed in with the Security Admin role;
  2. Go to “Content Hub”;
  3. Search for “Optimization”;
  4. Select “Microsoft Sentinel Optimization Workbook”;
  5. Select Configure/setup.
5 steps to the workbook

Try it out and leave your feedback in the comments or in the Techcommunity post’s comments (link below)! The Product team appreciates it!

You can find more information about the workbook here.

For a future write-up, I plan to cover the top 3 ways to leverage the workbook in your operations.

Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo

Consider subscribing to Medium (here) to access more content that will empower you!

Thank you for reading and leave your thoughts/comments!

References

Scattered throughout the document

Andre Camillo, CISSP

Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord &more: https://linktr.ee/acamillo . Architect @Crowdstrike. Opinions are mine!