
Information Security - Security Operations Center (SOC) Enhancement with Azure Sentinel

MASS Analytics

Internship | On-site | 4 to 6 months | Application deadline: 22 Jan 2026
Tags: SIEM (Wazuh) | Microsoft Sentinel | KQL | SOAR/SIEM | Endpoint Security | Network Security | ITSM/ISO 20000


Description

Objective: Implement and enhance centralized security monitoring and incident response using Microsoft Sentinel for a hybrid cloud environment.

Key technologies and scope:

  • SIEM: Microsoft Sentinel architecture and data connectors (Azure services, Microsoft 365, FortiGate firewalls)
  • Detection engineering: KQL rules aligned with MITRE ATT&CK
  • Incident response: SOAR playbooks using Azure Logic Apps
  • Endpoint management: Microsoft Intune (app deployment, patch management, compliance reporting)
  • ITSM: Integration with Jira Service Management for ticketing and tracking

Expected deliverables:

  • End-to-end Sentinel deployment with core connectors
  • Custom KQL analytics and detection rules
  • Automated incident response playbooks
  • Hardened endpoint policies via Intune
  • Integrated security incident workflows with JSM

Learning outcomes:

  • Design and implement SIEM solutions with Sentinel
  • Develop KQL-based detections mapped to MITRE ATT&CK
  • Automate IR playbooks for common scenarios
  • Implement robust endpoint security with Intune
  • Integrate SOC processes with ITSM for streamlined handling