Sentinel establishment and uplift

Learn how our security establishment and uplift services amplify your defence measures and improve your capability to identify and counteract cyber threats.

This service will increase the cyber security posture of all Queensland Government entities by deploying and configuring Microsoft Sentinel and Azure Lighthouse. We use Azure Lighthouse for access to your tenancy so that we can deploy, configure and maintain Sentinel.

Our service enhances your security operations capabilities, enabling you to manage, detect, monitor, investigate, and respond to security incidents. You can do this stand-alone in your agency or with the support of your third-party managed security service provider.

We offer 3 service options, and you can select what you need:

Express

Our express option includes:

  • Prompt implementation of a security information and event management (SIEM) solution.
  • Deployment of all defined solutions and associated data-connectors, workbooks, automation playbooks and hunting queries.
  • On-boarding to our Azure Lighthouse environment.

Advanced

Our advanced option includes:

  • Longer engagement suitable for clients with advanced SIEM and security orchestration, automation, and response (SOAR) requirements.
  • Deployment of requested out-of-the-box solutions and associated data-connectors, workbooks, automation playbooks and hunting queries.
  • Additional requested SOAR and automation capability.
  • Multi-cloud data integration, if required.
  • On-boarding to Cyber Security Unit’s Azure Lighthouse environment.

Consultancy and advisory

This option is suitable for clients with an existing Microsoft Sentinel setup. You can choose from service options including Sentinel optimisation, review, advisory, training, guidance and on-boarding to Queensland Government Cyber Security Unit’s Azure Lighthouse environment.

Development, deployment, and consultation efforts are funded by the Queensland Government Cyber Security Unit.

Client security operations uplift

SIEM, SOAR and threat hunting capability is enabled in the client environment, with the capability to add more functionality.

Improved visibility

You gain enhanced visibility into your security landscape and posture to allow for more effective incident management. This increased awareness enables proactive measures to mitigate risks.

Low barrier to entry

Minimise costs by utilising Sentinel’s free data ingestion facility (limited to M365 data) and free data retention period of 90 days.

Situational awareness

Onboarding to Lighthouse provides the Queensland Government Cyber Defence Centre with critical visibility and situational awareness, enhancing the overall security posture and response capabilities.

Technology we use

We work with you to deploy and configure the following technologies into the Azure Lighthouse environment:

Microsoft Sentinel

Sentinel is a scalable, cloud-native solution delivering security analytics and threat intelligence in a single solution for alert detection, threat visibility, proactive hunting, and threat response. We deploy and configure Microsoft Sentinel in your Azure environment.

Azure Logic Apps

We will configure your Azure tenancy for incident management, enrichment and remediation. Azure Logic Apps provides the security orchestration, automation, and response (SOAR) capability.

Azure Lighthouse

This is an optional technology, but we highly recommend it. Azure Lighthouse enables centralised visibility of the security status of multiple agency M365 environments. We onboard you to Lighthouse for visibility as part of the configuration.

The following eligible agencies and related bodies can access this service at no cost, but some additional Azure products have costs that are the responsibility of the client:

  • Queensland Government agencies
  • statutory bodies
  • local government
  • government owned corporations.

Contact the Queensland Government Cyber Security Unit by email at cybersecurityunit@qld.gov.au to access this service.

Learn more about the technology: