The Next Evolution of Microsoft Sentinel Architecture

Over the last four years, we have seen different variants of Sentinel architecture appear and fulfil the promise of a true cloud SIEM that integrates seamlessly with other Azure resource types. One of the things that I found refreshing while learning Sentinel in 2019 was that the Sentinel deployment best practices did not include ingesting every log in the enterprise without sound information security reasoning.

Before you design or build a complex Sentinel architecture, you need to come up with practical answers to these questions:

- What are the actual retention targets for the different logs (not the generic answers)?
- Have we defined our use cases for leveraging OpenAI Services and Copilot?
- Do we need an Azure Data Lakehouse, or will Azure Data Explorer satisfy our needs?
- Does ingesting this log type enable Sentinel detection analytics or overall SecOps visibility?
- Who is going to build and manage the complex security analytics infrastructure?