Azure Sentinel Security Service

Apply for a free consultation

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that is deployed on the Microsoft Cloud Service - Azure.

Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

What this means for you?

Azure Sentinel Security Service brings the following main benefits for your organization:

  1. Azure Sentinel will be monitored and maintained by highly qualified and experienced IT infrastructure and cybersecurity professionals;
  2. Daily analysis of potential threats and full security incident response lifecycle management including all records of incidents identified through SIEM;
  3. dots. experts will make sure that your SIEM system works as it should and is optimised so that you get the most benefit from it
  4. Focus on growing your business and be confident that your organization is protected from external and internal threats.


Azure Sentinel is cloud-native, which means that no additional hardware is necessary to start using it and it scales automatically. So, you can start benefitting from it almost instantly.

The project is organized in the following steps:

  1. Project kick-off meeting to align project scope, project schedule, responsibilities, and involved persons;
  2. Azure Sentinel instance deployment;
  3. Configure data connectors, log collection;
  4. Configure workbooks and hunting queries;
  5. Configure and enable analytic rules;
  6. Set up alerts, incidents, and notifications;
  7. Configure sample automated response;
  8. Demonstrate incident investigation on a sample incident;
  9. Q&A session;
  10. Present project results in an online meeting.

Security Service levels

Azure Sentinel Security Service: BASIC

  • Day-to-day monitoring of connected data sources (5 x 8);
  • Reporting to the customer about a potential incident;
  • Monitoring the amount of data received and accumulated according to subscription limits;
  • Current system documentation (data sources, types of connected resources, changes, etc.);
  • Monthly report to e-mail on key metrics (volume of records processed, number of alerts, number of incidents, change of metrics against previous period, etc.).

Azure Sentinel Security Service: ADVANCED

ADVANCED level includes all the features from the BASIC level and adds a complete incident management process and maintaining the Incident Registry within the Sentinel:

  • Day-to-day handling of previously configured alerts (alarms) for atypical activities and incident creation, if any;
  • Processing and creating incidents of anomalies identified in the data (like non-representative changes in the number of events in the short term, etc.);
  • Investigation of incidents within  the SIEM accumulated information;
  • Cooperation with the contact persons of the Client, if such is necessary for the investigation;
  • Managing the full life cycle of incident response within the system weekly and monthly reports on incidents identified as a result of studies of logs processed in the system.

Azure Sentinel Security Service: PREMIUM

PREMIUM level includes all the features from the BASIC level + proactive investigation of specific attack vectors, system development, and reduction of organizational security risk exposure:

  • Regular analysis of specific security events that may be linked to external attacks or failures in the customer's infrastructure configuration (hunting);
  • Recommendations for connecting additional data sources to optimise incident investigation time and to facilitate faster identification of false-positive findings;
  • Recommendations for infrastructure changes to reduce the identification time of false-positive incidents and to increase the effectiveness of security monitoring;
  • Creating and maintaining specific dedicated monitoring lists, for example, to identify VPN connections from atypical addresses;
  • Review of all activities of privileged users;
  • Other actions as needed.

Why Azure Sentinel?

  • No initial deployment costs in the form of expensive licenses.
  • No additional servers are required in the organization’s data center.
  • Day-to-day monitoring of logs.
  • Software is always up-to-date, no upgrade downtimes.
  • Records are stored separately from the infrastructure to be monitored in a secure high-availability environment.

Why dots.?

WeAreDots, SIA (dots.) is a technology company with more than 20-year experience that combines innovative, dedicated and certified IT professionals with in-depth expertise and extensive know-how in various fields like IT infrastructure and Cybersecurity, Cloud and Machine Learning, Software development, and Mobility.

Our experienced cybersecurity team gathers experienced and highly skilled experts with certifications such as:

  • CISSP (Certified Information System Security Professional), 
  • CISA (Certified Information System Auditor), 
  • CEH (Certified Ethical Hacker), 
  • LPT Master (Licensed Penetration Tester), 
  • Microsoft Certified Professional, 
  • Microsoft Certified System Engineer, 
  • Microsoft Certified Technology Specialist and 
  • PRINCE2 (Project Manager).

We are proud to be one of the partners, that's service quality, expertise, collaboration, and trustability are verified by Microsoft.