Microsoft Sentinel is fast becoming the de facto platform that organisations worldwide use to monitor, manage, triage and defend their Azure, AWS, on-premises, endpoint, IoT and networked environments. Microsoft Sentinel ingests data from numerous data sources, analyses it, and alerts on issues found based on playbooks, automations and threat intelligence integrations, providing near-real-time alerts on vulnerabilities, risks and exploitation attempts.

KEEP provides managed Microsoft Sentinel services in 3 tiers.

With unparalleled expertise in Microsoft Sentinel, KEEP provides unique capabilities that include deploying and configuring alerts, playbooks, automations, watchlists and Microsoft Security Copilot.

Our analysts are experts in Kusto Query Language (KQL) and can provide tailored queries, dashboards, alerts and reports, either for our managed clients or on an ad hoc engagement for clients who simply require assistance.

Microsoft Sentinel SOC Automation – Our analysts and engineers work hard to automate the SOC capabilities offered, so that noise is cut and response times to actual threats are drastically reduced. Our SOC automation focuses on two key pillars:

SOC Automation - User Input & Event Validation

User Input – depending on the roles and responsibilities of the user(s) who generated the alert, they are sent clear requests via Email, Teams or Slack asking for their input and confirmation of the actions they have taken. Their response(s) drive the resulting actions taken and the response “options” presented to the SOC analyst(s).

A simple example can be seen here from our Development instance; the same concept and capabilities can be implemented in the same manner for much more complex events.

SOC Automation - Analyst Engagement

SOC Analyst Engagement – Analysts need the ability to triage and understand an alert or incident quickly, and to perform appropriate, measured actions that address the threat(s) faced at the earliest opportunity. Our automations include, but are not limited to:

  • Analyst Decisions – depending on the roles and responsibilities of the analyst, they are presented with clear alerts via common platforms such as Email, Teams and Slack, with “response” options for that alert based either on user input or on set conditions, such as:
    • Isolating a user or device.
    • Performing further enrichment of the threats faced.
    • Triaging response actions already taken.
    • Automatically updating each incident with the analyst's actions, comments and analysis.
    • and many more…