Microsoft Sentinel services

Managed Microsoft Sentinel

With unparalleled expertise in Microsoft Sentinel, KEEP provide unique capabilities that include deploying and configuring alerts, playbooks, automations, watchlists and Microsoft Security CoPilot.

Microsoft Sentinel is fast becoming the de-facto capability for many organisations worldwide to monitor, manage, triage and defend their Azure, AWS, on premise, endpoints, IOT and networked environments. Microsoft Sentinel will ingest data from numerous data sources, analyse and alert on issues found based on playbooks, automations and threat intelligence integration(s) to provide near real time alerts to vulnerabilities, risks and exploitation attempts.

KEEP provides managed Microsoft Sentinel services in 3 tiers

With unparalleled expertise in Microsoft Sentinel, KEEP provide unique capabilities that include deploying and configuring alerts, playbooks, automations, watchlists and Microsoft Security CoPilot.

Basic Azure Sentinel (FOC)

KEEP will provide our baseline deployment (scripts) of Microsoft  Sentinel, pre-configured alerts, playbooks and simple automation free of charge to assist you getting your Microsoft Sentinel deployment running soonest.

We can provide support, additional capabilities and responses capabilities at an additional cost. Though we will provide regular updates to alerts and playbooks free of charge as they’re available and inline with deployments for our other clients.

Why? We believe any organisation, small or large, requires the ability to monitor their own systems. An awareness of issues, vulnerabilities and threats empower our clients and increases their cyber maturity exponentially.

IF you need assistance we will provide it, inline with our other service offerings, as described here.

Speak to a Consultant

Hybrid Azure Sentinel

Similar to our Basic Microsoft Sentinel model, KEEP will provide the deployment of Microsoft Sentinel, pre-configured alerts, playbooks, automations and watchlists to assist deploying your Microsoft Sentinel soonest.

We will also tune those capabilities to meet your organisational risk appetite, cost requirements and incident management processes to ensure your Microsoft Sentinel deployment is efficient from the outset.

Our consultants and analysts will provide triage and response services in line with agreed SLA’s and/or support to your own in-house team(s).

Speak to a Consultant
cloud hybrid architecture review

Fully Managed Azure Sentinel

Our fully managed Microsoft Sentinel service provides your organisation with a full outsourced security monitoring and response capability. This service can be provided in business hours or as a 24/7 capability with associated costs and SLA’s aligned to either option. You will receive all the capabilities as described here, alongside service credits for specific playbook(s)and automation requirements to further enhance your capabilities.

Speak to a Consultant

Our analysts are experts with Kusto Query Language (KQL) and can provided tailored queries, dashboards, alerts and reports for either our managed clients or on an adhoc engagement to clients who simply require assistance.

Microsoft Sentinel SOC Automation – Our Analysts and Engineers work hard to automate the SOC capabilities offered, to allow the noise to be cut and the response times to actual threats to be drastically reduced. Our SOC automation focuses on two key pillars;

SOC Automation - User Input & Event Validation

User Input – dependent on the roles and responsibilities of the user(s) who generated the alert, they will be sent clear requests via Email, Teams or Slack requesting their input and confirmation of actions taken. Depending on their response(s), drives the resulting actions taken and the response “options” provided to the SOC Analyst(s).

A simple example can be seen here from our Development instance. Though the concept and capabilities can be implemented in the same manner, even for much more complex events.

SOC Automation - Analyst Engagement

SOC Analyst engagement – Analysts need the ability to triage, understand an alert or incident quickly and perform appropriate and measured actions that addresses the threat(s) faced at the earliest opportunity. Our Automation’s include, though are not limited to;

  • Analyst Decisions – dependent on the Roles and Responsibilities of the analyst, they will be presented with clear alerts via common platforms such as Email, Teams and Slack with “response” options to that alert, either based on user input or set conditions. Such as;
    • Isolating a user or device.
    • Performing further enrichment of the threats faced.
    • Triaging response actions already taken.
    • Each incident is automatically updated with their actions, comments and analysis.
    • and many more…
Get in Touch

Contact us

KEEP cyber security services

Get in Touch

Please get in touch using the form below.

Close form