BTS Internships

Internships for BTS Cybersecurity

Showing internships linked to BTS code: BCYB

PoC for utilizing Azure Sentinel as SIEM and XDR system
Damir SEFEROVIC ( Promotion: BCYB21 )

Company: PM-International

15 Waistrooss, L-5445 Schengen

Contact: Hartwig BAUER
Email: hartwig.bauer@pm-international.com
Phone: 661 862 277

Description:
Define the final scope of, and set up, a PoC for utilizing Azure Sentinel as a SIEM and XDR system.
Basic goals of the PoC: with Azure Sentinel, can PM
■ strengthen concepts of centrally available security-state-related information
■ foster security improvements from event/incident detection and event/incident response
■ benefit from the extended capability of DR?

Tools:
Knowledge
Understand basic concepts and capabilities of SIEM (Security information and event management) and DR (Detection and Response)
Understand benefits of extended DR (XDR)
Understand basic concepts and setup of SolarWinds central logging
Understand Azure Sentinel's technical approach, benefits, cost and setup
Define PoC scope and goals

Skills
Create a basic setup in Azure Sentinel for the PoC including endpoints
• Windows 10 clients
• macOS client
• FortiGate firewalls
• DELL N-Series switches
• Input from SolarWinds log collection
• Syslog entries from SecurePoint Firewalls
Set up basic resources for Azure Sentinel
Connect endpoints into Azure Sentinel
Connect SolarWinds output into Azure Sentinel
Create standardized reports from Azure Sentinel resources

Prepare review of PoC results by PM Engineers and IT Management.

Period: 1680480000 – 1690070400

Tutor: Maurizio SPAGNUOLO