Custom Microsoft Sentinel SIEM Enabled Non-Standard Data Collection and Cut False Positives by 20%
About Our Client
The Client is a B2B IT services provider recognized on the IAOP’s Global Outsourcing 100 list and ranked among America’s Fastest-Growing Companies by the Financial Times. Headquartered in the US, the company delivers technology implementation and advisory services to businesses worldwide.
Global IT Company Needed SIEM Customization for Its Hybrid Infrastructure
As part of its ISO 27001-certified Information Security Management System (ISMS), the Client sought to enhance its existing Microsoft Sentinel SIEM deployment to improve visibility and streamline SOC operations.
Operating a hybrid infrastructure, the Client faced the following key challenges:
- Limited data collection and visibility. Key security data sources (firewalls, domain controllers, and identity systems) were not integrated into the SIEM, resulting in blind spots that affected threat detection and SOC effectiveness.
- Integration and processing of non-standard systems. The Client’s on-premises systems lacked native support for audit log processing and for threat-hunting queries and rules, which hindered meaningful security monitoring.
The Client commissioned ScienceSoft to fine-tune its Microsoft Sentinel deployment and resolve integration issues, trusting our expertise in SIEM deployment and customization services.
Enhancing Microsoft Sentinel SIEM to Support Non-Standard Data Sources
Data Onboarding and Integration
As part of the SIEM customization process, ScienceSoft’s experts:
- Integrated critical data sources, including firewalls, domain controllers, and identity systems, by configuring data collection rules and mappings.
- Created custom data connectors and tables using Data Collection Rules (DCRs), transformation rules, and Azure Resource Manager (ARM) templates to onboard non-standard data sources. ScienceSoft’s engineers followed Advanced Security Information Model (ASIM) standards, which allowed them to develop new universal correlation rules that supported diverse data sources, simplifying rule management while expanding detection coverage.
- Designed and implemented custom parsers for accurate log interpretation across custom data sources.
- Integrated Microsoft Sentinel with both Azure cloud services and on-premises systems for unified security monitoring.
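To illustrate what an ASIM-aligned custom parser looks like in practice, here is an added KQL example; it is not ScienceSoft’s code or the Client’s deployment. The custom table name MyAppAuth_CL, the key=value log format, and the vendor/product values are constructed for the example. The parser maps vendor-specific fields onto ASIM Authentication schema column names (EventType, EventResult, TargetUsername, SrcIpAddr, DvcHostname), and the final query shows why that matters: the failed-logon rule at the bottom references only schema columns, so it works unchanged for any other source that has a parser. The same parse/extend logic can also be applied at ingestion time through a DCR’s transformKql property instead of at query time.

```kusto
// Added example (not ScienceSoft's code). Constructed rows stand in for a custom
// table; the table name MyAppAuth_CL and the log format are hypothetical.
let MyAppAuth_CL = datatable(TimeGenerated:datetime, Computer:string, RawData:string) [
    datetime(2024-05-01T10:00:00Z), "app-srv-01", "user=alice src=10.1.2.3 action=login result=success",
    datetime(2024-05-01T10:01:10Z), "app-srv-01", "user=bob src=203.0.113.7 action=login result=failure",
    datetime(2024-05-01T10:01:40Z), "app-srv-01", "user=bob src=203.0.113.7 action=login result=failure",
    datetime(2024-05-01T10:02:05Z), "app-srv-01", "user=bob src=203.0.113.9 action=login result=failure",
    datetime(2024-05-01T10:03:00Z), "app-srv-01", "user=alice src=10.1.2.3 action=logout result=success"
];
// ASIM-style parser: map the vendor-specific fields onto ASIM Authentication
// schema column names so that rules written against the schema work unchanged.
let ASimAuthMyApp = MyAppAuth_CL
    | parse RawData with "user=" TargetUsername " src=" SrcIpAddr " action=" Action " result=" Result
    | extend
        EventType          = case(Action == "login", "Logon", Action == "logout", "Logoff", "Unknown"),
        EventResult        = iff(Result == "success", "Success", "Failure"),
        TargetUsernameType = "Simple",
        EventVendor        = "ExampleVendor",   // constructed value
        EventProduct       = "ExampleApp",      // constructed value
        EventSchema        = "Authentication",
        DvcHostname        = Computer
    | project-away RawData, Action, Result;
// A source-agnostic detection: 3 or more failed logons for one account within 10 minutes.
// Only ASIM column names appear below, so the rule does not depend on the raw log format.
ASimAuthMyApp
| where EventType == "Logon" and EventResult == "Failure"
| summarize Failures = count(), SourceIPs = make_set(SrcIpAddr),
            StartTime = min(TimeGenerated), EndTime = max(TimeGenerated)
          by TargetUsername, bin(TimeGenerated, 10m)
| where Failures >= 3
| project StartTime, EndTime, TargetUsername, Failures, SourceIPs
```

Run against the constructed rows, the query returns a single result for user bob (three failures from two source addresses); alice’s successful logon and logoff are normalized but never reach the threshold. In a real workspace the parser would be saved as a KQL function so analytics rules, hunting queries, and workbooks all reference it by name.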
With all the data sources integrated and mapped, the foundation was in place for the next stage — fine-tuning Microsoft Sentinel’s configuration and optimizing it for high-performance threat detection and response.
Sentinel Configuration and Optimization
Building on the newly onboarded data, ScienceSoft’s team refined Microsoft Sentinel’s configuration and performance to ensure accurate alerting and efficient threat and incident investigations. This stage included the following activities:
- Developing Kusto Query Language (KQL) queries for log analysis and advanced threat hunting.
- Creating analytics rules, workbooks, and playbooks to enable proactive threat detection and automated incident response.
- Designing dashboards and visualizations to provide actionable security insights.
- Fine-tuning data retention and archival settings to balance compliance, cost, and investigative needs.
- Developing suppression rules to filter known benign patterns and approved activities.
- Reviewing and improving entity mappings to better correlate alerts with users, hosts, and IPs.
- Optimizing log processing performance for faster analysis and efficient threat hunting.
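The suppression and entity-mapping items above can be shown together in one analytics-rule query. The following is an added KQL example, not ScienceSoft’s rule set: the table MyFirewall_CL and its rows are constructed, and the allowlist is a small inline table standing in for a Sentinel watchlist (which a production rule would read with the built-in _GetWatchlist function). Approved scanner sources are removed with a leftanti join before the detection logic runs, and the output keeps clean SrcIp and Computer columns so the rule’s IP and Host entity mappings can point at them directly.

```kusto
// Added example (not ScienceSoft's code). Constructed firewall rows; the table
// name MyFirewall_CL and all addresses/hosts are hypothetical.
let MyFirewall_CL = datatable(TimeGenerated:datetime, SrcIp:string, DstIp:string, DstPort:int, Action:string, Computer:string) [
    // 10.0.0.5 is the organisation's approved vulnerability scanner
    datetime(2024-05-01T09:00:00Z), "10.0.0.5",    "10.0.1.20", 22,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:00:05Z), "10.0.0.5",    "10.0.1.20", 23,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:00:10Z), "10.0.0.5",    "10.0.1.20", 80,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:00:15Z), "10.0.0.5",    "10.0.1.20", 443,  "deny", "fw-edge-01",
    datetime(2024-05-01T09:00:20Z), "10.0.0.5",    "10.0.1.20", 3389, "deny", "fw-edge-01",
    datetime(2024-05-01T09:00:25Z), "10.0.0.5",    "10.0.1.20", 8080, "deny", "fw-edge-01",
    // 192.168.5.9 is not on the allowlist
    datetime(2024-05-01T09:05:00Z), "192.168.5.9", "10.0.1.30", 21,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:05:04Z), "192.168.5.9", "10.0.1.30", 22,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:05:08Z), "192.168.5.9", "10.0.1.30", 25,   "deny", "fw-edge-01",
    datetime(2024-05-01T09:05:12Z), "192.168.5.9", "10.0.1.30", 110,  "deny", "fw-edge-01",
    datetime(2024-05-01T09:05:16Z), "192.168.5.9", "10.0.1.30", 143,  "deny", "fw-edge-01",
    datetime(2024-05-01T09:05:20Z), "192.168.5.9", "10.0.1.30", 445,  "deny", "fw-edge-01"
];
// Constructed allowlist of approved, documented scanners.
// In production: let ApprovedScanners = _GetWatchlist('ApprovedScanners') | project SrcIp = tostring(SearchKey);
let ApprovedScanners = datatable(SrcIp:string, Owner:string) [
    "10.0.0.5", "Vulnerability management team"
];
MyFirewall_CL
| where Action == "deny"
// Suppression: drop every event whose source is on the approved list
| join kind=leftanti ApprovedScanners on SrcIp
// Detection: one source hitting many distinct ports on the same firewall within 15 minutes
| summarize DistinctPorts = dcount(DstPort), Targets = make_set(DstIp),
            StartTime = min(TimeGenerated), EndTime = max(TimeGenerated)
          by SrcIp, Computer, bin(TimeGenerated, 15m)
| where DistinctPorts >= 5
// Entity mapping in the rule: IP -> SrcIp (Address), Host -> Computer (HostName)
| project StartTime, EndTime, SrcIp, Computer, DistinctPorts, Targets
```

With the constructed data the query returns one row for 192.168.5.9 with six distinct ports; the approved scanner 10.0.0.5 generates identical traffic but is removed before the threshold is evaluated, which is exactly the class of known-benign pattern the suppression rules above are meant to filter. Keeping the allowlist in a watchlist rather than hard-coded in the query lets the SOC update it without touching the rule.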
These enhancements improved Microsoft Sentinel’s efficiency, ensured precise alerts, and streamlined threat investigations.
Improved SIEM Visibility, Performance, and Cost-Efficiency for a Global IT Firm
As a result of involving ScienceSoft, the global IT services provider enhanced its Microsoft Sentinel SIEM, gaining visibility into previously unsupported, business-critical systems and automating key SOC workflows. This resulted in:
- A 20% reduction in false positives due to fine-tuned correlation and suppression rules.
- Expanded infrastructure coverage, enabling detection of previously unnoticed security incidents.
- Regulatory compliance with ISO/IEC 27001 and SOC 2 requirements for security monitoring of critical systems.
- Faster incident response and elimination of human error through automated playbooks (e.g., malicious IP blocking, incident escalation).
- Higher SOC analyst productivity due to alert noise reduction, automated workflows, and tailored dashboards.
- Lower SIEM operation costs through optimized alerting, data retention, and archival settings.