{"id":2239,"date":"2025-04-02T13:49:53","date_gmt":"2025-04-02T13:49:53","guid":{"rendered":"http:\/\/castelis-dev.local\/insights-ressources\/why-microsoft-sentinel-is-essential-for-cyber-threat-management-a-practical-guide-for-cios\/"},"modified":"2025-04-02T13:49:53","modified_gmt":"2025-04-02T13:49:53","slug":"why-microsoft-sentinel-is-essential-for-cyber-threat-management-a-practical-guide-for-cios","status":"publish","type":"article","link":"https:\/\/www.castelis.com\/en\/insights-ressources\/why-microsoft-sentinel-is-essential-for-cyber-threat-management-a-practical-guide-for-cios\/","title":{"rendered":"Why Microsoft Sentinel is Essential for Cyber Threat Management: A Practical Guide for CIOs"},"content":{"rendered":"<p><strong>Microsoft Sentinel<\/strong>, a <strong>cloud-native SIEM<\/strong>, is redefining the standards for <strong>threat management<\/strong>. With a powerful combination of artificial intelligence, automation, and flexibility, it offers CIOs an agile solution to monitor their infrastructures, detect anomalies, and orchestrate rapid and precise responses.<\/p>\n<p>Cybersecurity has become a strategic issue for modern businesses. Chief Information Officers (CIOs) are faced with a major challenge: protecting increasingly complex infrastructures, while adapting to the acceleration of sophisticated attacks such as ransomware, phishing, and insider threats.<\/p>\n<p>In this context, <strong>traditional security management solutions are showing their limits<\/strong>. Too rigid, costly, and often unable to adapt to the speed of attacks, they leave companies vulnerable and impose a significant operational burden on them. This is where Microsoft Sentinel makes the difference.<\/p>\n<p>In this article, we offer a <strong>practical guide to understanding why Microsoft Sentinel is the key to a modern SOC<\/strong> and how it meets the strategic and technical expectations of CIOs. 
Discover how Microsoft Sentinel helps companies detect and block ransomware in minutes, or automate responses to complex threats.<\/p>\n<p>Already convinced? Learn <a href=\"https:\/\/www.castelis.com\/en\/actualites\/cloud-en\/configure-microsoft-sentinel-for-a-modern-soc\/\" target=\"_blank\" rel=\"noopener\">how to configure Microsoft Sentinel<\/a> in our step-by-step guide.<\/p>\n<p>&nbsp;<\/p>\n<h2>Understanding the challenges CIOs face from security threats<\/h2>\n<h3>Understanding the importance of cybersecurity today<\/h3>\n<p>Cybersecurity is not simply a technical issue reserved for IT teams: it is the foundation of business resilience and sustainability in a digital world. With the rise of digital transformation, every component of an organization&#8217;s ecosystem \u2013 from strategic internal data to interactions with customers, partners, and suppliers \u2013 has become a potential target for cyberattacks.<\/p>\n<p>The impact of cybersecurity extends well beyond the boundaries of the company:<\/p>\n<ul>\n<li>On the company itself: A successful attack can paralyze critical infrastructure, block supply chains, or cause direct and indirect financial losses.<\/li>\n<li>On employees: Cyberattacks often exploit human weaknesses (phishing, identity theft), exposing employees to increased stress and responsibilities.<\/li>\n<li>On customers: A leak of sensitive data can harm the company&#8217;s trust and reputation.<\/li>\n<li>On partners: The compromise of an entity can quickly spread to an entire network of interconnected partners, creating a domino effect.<\/li>\n<\/ul>\n<p>At the same time, attacks are becoming more forceful and sophisticated, combining advanced methods and varied attack vectors:<\/p>\n<ul>\n<li>Ransomware targets companies of all sizes and sectors, demanding ever higher ransoms.<\/li>\n<li>Increasingly convincing phishing campaigns trap thousands of users every day.<\/li>\n<li>Advanced Persistent Threats (APTs), carried out by 
organized or state-sponsored groups, are capable of stealthily and sustainably infiltrating systems.<\/li>\n<\/ul>\n<p>In this context, cybersecurity has become a sprawling concern, impacting every aspect of the company and its ecosystems. For CIOs, this means adopting a proactive posture, capable of detecting and neutralizing threats before they cause irreversible damage. <a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/microsoft-sentinel\" target=\"_blank\" rel=\"noopener\">Microsoft Sentinel<\/a> stands out as one of the most convincing responses to date.<\/p>\n<p>As a result, CIOs must address several challenges:<\/p>\n<ul>\n<li>Lack of specialized resources: IT and security teams are often undersized in the face of the scale of threats.<\/li>\n<li>Regulatory compliance: Standards such as GDPR or ISO 27001 impose strict requirements for data protection and management.<\/li>\n<li>The complexity of hybrid environments: With the proliferation of cloud and on-premises infrastructures, monitoring security is becoming a real headache.<\/li>\n<\/ul>\n<p>Need help on this? Check our <a href=\"https:\/\/www.castelis.com\/en\/cloud-it-security-application-performance\/infrastructure-management-services\/\">Managed Cloud services<\/a>.<\/p>\n<p><iframe loading=\"lazy\" title=\"Optimizing Your Security Operations: Manage Your Data, Costs and Protections with SOC Optimizations\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/Uk9x60grT-o?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<h3>The Limitations of Traditional SIEM Solutions<\/h3>\n<p>SIEMs (Security Information and Event Management) are essential tools for enterprise cybersecurity. 
They collect, centralize, and analyze security data from various sources (event logs, network activities, endpoints, etc.) to detect anomalies, correlate events, and alert teams to potential threats.<\/p>\n<p>However, traditional SIEM solutions, such as <a href=\"https:\/\/www.splunk.com\/fr_fr\" target=\"_blank\" rel=\"noopener\">Splunk<\/a>, <a href=\"https:\/\/www.ibm.com\/qradar\" target=\"_blank\" rel=\"noopener\">IBM QRadar<\/a>, or <a href=\"https:\/\/www.opentext.com\/products\/behavioral-signals\" target=\"_blank\" rel=\"noopener\">ArcSight<\/a>, which have dominated the market for years, are starting to show their limitations in an increasingly complex and dynamic environment. Here\u2019s why these traditional tools struggle to meet today\u2019s needs:<\/p>\n<ol>\n<li>High infrastructure and maintenance costs:<br \/>\nTraditional SIEMs require large hardware or virtual infrastructures to store and analyze the huge volumes of data generated by modern systems. This infrastructure requirement results in high upfront costs, plus recurring expenses for maintenance, updates, and long-term storage of logs. For example, the cost of a Splunk deployment can quickly escalate based on the amount of data ingested.<\/li>\n<li>Complexity of integration across heterogeneous systems:<br \/>\nModern enterprises rely on complex and hybrid IT environments, combining on-premises infrastructures, multi-cloud services, and diverse network equipment. Traditional SIEMs often struggle to:<br \/>\n&#8211; Seamlessly integrate these different data sources.<br \/>\n&#8211; Adapt their capabilities to constantly changing environments.<br \/>\nThe result: gaps in visibility and tedious manual configurations that increase the workload of IT teams.<\/li>\n<li>Limited real-time threat analysis:<br \/>\nWhile traditional SIEMs excel at correlating historical events, they struggle to process real-time data streams. 
Limitations include:<br \/>\n&#8211; Analysis latency, making it difficult to immediately detect critical threats.<br \/>\n&#8211; A lack of advanced capabilities like machine learning, limiting their effectiveness against modern, rapidly evolving attacks.<\/li>\n<\/ol>\n<p>As a result, these solutions lead to a lack of responsiveness that can leave companies vulnerable to sophisticated attacks like ransomware or APTs.<\/p>\n<p>Traditional SIEM solutions remain a mainstay for some organizations, but they are no longer sufficient to meet today\u2019s challenges. A modernized approach, such as that offered by Microsoft Sentinel, is now essential to overcome these limitations and deliver proactive, scalable, and integrated cybersecurity.<\/p>\n<p><a href=\"#microsoft-sentinel-essential-choice\">Need help? Contact our experts to strengthen your security and better anticipate threats with Microsoft Sentinel.<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>Microsoft Sentinel: the Cloud-Native SIEM for a Modern SOC<\/h2>\n<h3>What is Microsoft Sentinel?<\/h3>\n<p>Microsoft Sentinel is a cloud-native SIEM solution developed by Microsoft, designed to meet modern cybersecurity challenges. Unlike traditional SIEMs, it relies entirely on Azure capabilities, ensuring unlimited scalability, financial flexibility, and simplified resource management.<\/p>\n<p>As a centralized platform, Microsoft Sentinel enables organizations to monitor their complex infrastructures in real-time, whether on-premises, in the cloud, or hybrid. Thanks to its tight integration with the Microsoft ecosystem \u2013 including Microsoft 365, Azure AD, and Defender \u2013 Sentinel provides comprehensive visibility into all security data and activities. 
It can also easily connect to third-party sources such as AWS, network equipment, or complementary security solutions, thus strengthening its ability to adapt to various IT environments.<\/p>\n<p>Positioned as a strategic lever for CIOs, Microsoft Sentinel combines the power of artificial intelligence and automation to optimize threat management and minimize operational risks.<\/p>\n<p><iframe loading=\"lazy\" title=\"Unveiling Microsoft Sentinel&#039;s Impact: Investigating a SAP Breach\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/O7wIRSQsJ3I?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h3>Key Features<\/h3>\n<p>Microsoft Sentinel integrates capabilities that not only address the limitations of traditional SIEMs, but also exceed them by fully leveraging the benefits of cloud, artificial intelligence, and automation.<\/p>\n<p>This solution is distinguished by a set of powerful features, designed to strengthen security while reducing the burden on <a href=\"https:\/\/www.castelis.com\/en\/cloud-it-security-application-performance\/it-security-and-cybersecurity\/\">IT and SOC teams<\/a>.<\/p>\n<h4>Advanced Threat Detection with AI and Machine Learning<\/h4>\n<p>Sentinel leverages machine learning algorithms to:<\/p>\n<ul>\n<li>Identify anomalies and suspicious behaviors, often invisible to traditional tools.<\/li>\n<li>Prioritize threats based on their severity, allowing teams to focus on the most critical incidents.<\/li>\n<li>Automate data correlations, facilitating the proactive detection of complex attacks such as ransomware or lateral movements.<\/li>\n<\/ul>\n<p>Example: Microsoft Sentinel can spot anomalous user behavior over multiple days (e.g., unusual login times and massive downloads) without manual configuration, whereas a traditional SIEM would 
require predefined rules.<\/p>\n<h4>Analyzing Event Logs with Log Analytics<\/h4>\n<p>With Azure Log Analytics, Microsoft Sentinel collects, centralizes, and analyzes billions of events from a variety of sources, including:<\/p>\n<ul>\n<li>Internal systems (servers, endpoints).<\/li>\n<li>Cloud and SaaS applications like Microsoft 365.<\/li>\n<li>Network devices and firewalls.<\/li>\n<\/ul>\n<p>This deep-dive capability provides complete visibility into security activities, ensuring faster and more targeted responses.<\/p>\n<p>Example: An organization with millions of daily logs can use Microsoft Sentinel to correlate this data in real time, whereas a traditional SIEM might have to compromise on ingested volume to limit costs.<\/p>\n<h4>Out-of-the-box Connectors to Integrate Data<\/h4>\n<p>Microsoft Sentinel offers native connectors that enable seamless integration with a wide range of sources, including:<\/p>\n<ul>\n<li>Microsoft 365: Monitoring email, files, and identities.<\/li>\n<li>AWS and other clouds: Managing multi-cloud environments.<\/li>\n<li>Third-party solutions: Integrating with firewalls, VPN solutions, or business applications.<\/li>\n<\/ul>\n<p>This interoperability ensures broad security coverage, regardless of the tools used by the company.<\/p>\n<p>Example: With Sentinel, integrating a new source, such as an AWS cloud system, takes just minutes with out-of-the-box connectors. 
In a traditional SIEM, this could take days of configuration and testing.<\/p>\n<h4>Automated Playbooks to Orchestrate Incident Response<\/h4>\n<p>With Azure Logic Apps, Microsoft Sentinel lets you set up automated workflows to:<\/p>\n<ul>\n<li>Block compromised users or isolate infected machines.<\/li>\n<li>Notify teams about critical incidents via email, Teams, or other channels.<\/li>\n<li>Enable specific remediation actions without human intervention.<\/li>\n<\/ul>\n<p>These easily customizable playbooks reduce response time while eliminating human error.<\/p>\n<p>Example: When a compromised user account is detected, Microsoft Sentinel can automatically disable the user in Azure AD, notify teams via Teams, and initiate a deep log analysis. A traditional SIEM would require manual intervention to perform these steps.<\/p>\n<h4>Custom Dashboards for a Holistic, Centralized View<\/h4>\n<p>Microsoft Sentinel workbooks provide clear and intuitive visualization of security data, allowing teams to:<\/p>\n<ul>\n<li>Track key metrics in real time (number of alerts, priority threats, unusual activities).<\/li>\n<li>Analyze long-term trends with detailed reports.<\/li>\n<li>Share insights with decision makers to guide security strategies.<\/li>\n<\/ul>\n<p>Example: An organization can set up a Sentinel dashboard to view real-time unauthorized access attempts, critical threats, and long-term trends\u2014all with just a few clicks. 
Traditional SIEMs could take days of work to achieve a similar view.<\/p>\n<p>&nbsp;<\/p>\n<h3>Detailed Summary of Microsoft Sentinel\u2019s Added Value<\/h3>\n<p>Here is an enhanced table to highlight the differences between traditional SIEMs and Microsoft Sentinel, with a more detailed analysis on each key aspect:<\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Aspect<\/b><\/td>\n<td><b>Traditional SIEM<\/b><\/td>\n<td><b>Microsoft Sentinel<\/b><\/td>\n<\/tr>\n<tr>\n<td><b>Threat Detection<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Detection mainly based on <\/span><b>static rules<\/b><span style=\"font-weight: 400;\"> requiring manual configuration.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Advanced detection based on <\/span><b>artificial intelligence<\/b><span style=\"font-weight: 400;\"> and <\/span><b>machine learning<\/b><span style=\"font-weight: 400;\">, able to adapt to new threats and identify complex patterns.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Significant reduction of <\/span><b>false positives<\/b><span style=\"font-weight: 400;\"> thanks to behavioral analysis algorithms.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Data Analysis<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Collection and analysis limited by the capacity of on-premises infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; <\/span><b>High latency<\/b><span style=\"font-weight: 400;\"> when ingesting large volumes of data.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; <\/span><b>Unlimited scalability<\/b><span style=\"font-weight: 400;\"> thanks to Azure cloud, able to ingest and analyze billions of logs in real time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; <\/span><b>Pay-as-you-go model<\/b><span style=\"font-weight: 400;\">, reducing costs related to fluctuating data volumes.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Source Integration<\/b><\/td>\n<td><span style=\"font-weight: 
400;\">&#8211; Complex and costly integration with external systems, requiring <\/span><b>specific connectors<\/b><span style=\"font-weight: 400;\"> often limited in functionality.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Long integration time for sources not natively supported.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; <\/span><b>Native connectors out of the box<\/b><span style=\"font-weight: 400;\"> for common systems like <\/span><b>Microsoft 365<\/b><span style=\"font-weight: 400;\">, <\/span><b>Azure<\/b><span style=\"font-weight: 400;\">, <\/span><b>AWS<\/b><span style=\"font-weight: 400;\">, and third-party network or security equipment.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Increased <\/span><b>interoperability<\/b><span style=\"font-weight: 400;\">, facilitating smooth integration in hybrid environments.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Automation<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Limited automation, requiring external tools (such as scripts or third-party orchestration platforms) to manage workflows.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Often manual process, increasing response time and risk of human error.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Built-in automation via <\/span><b>Azure Logic Apps<\/b><span style=\"font-weight: 400;\">: creation of <\/span><b>playbooks<\/b><span style=\"font-weight: 400;\"> for rapid and standardized responses to incidents.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Automated scenarios for actions like <\/span><b>isolating infected devices<\/b><span style=\"font-weight: 400;\">, <\/span><b>disabling compromised accounts<\/b><span style=\"font-weight: 400;\">, or <\/span><b>alerting teams<\/b><span style=\"font-weight: 400;\"> via Teams or email.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Dashboards<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Dashboards are often rigid, 
requiring advanced skills to customize reports.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Limited visibility into trends and no interactive visualization.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; <\/span><b>Interactive and customizable workbooks<\/b><span style=\"font-weight: 400;\">, allowing teams to visualize key indicators in real time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Long-term trend tracking and creation of reports tailored to the specific needs of technical and decision-making teams.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Scalability<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Requires a <\/span><b>hardware upgrade<\/b><span style=\"font-weight: 400;\"> to manage an increase in data or security sources.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Difficulty adapting quickly to changing needs.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; <\/span><b>Cloud-native solution<\/b><span style=\"font-weight: 400;\">, which automatically evolves to meet variations in data volumes or organizational needs.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; <\/span><b>Rapid deployment<\/b><span style=\"font-weight: 400;\"> without hardware constraints.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Total Cost of Ownership (TCO)<\/b><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; High cost due to on-premises infrastructure (servers, storage).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Additional costs for maintenance and expansion of the solution.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Reduced TCO thanks to the cloud model: no dedicated infrastructure to manage.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; <\/span><b>Flexible pricing model<\/b><span style=\"font-weight: 400;\"> based on actual data consumption.<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Resilience and Availability<\/b><\/td>\n<td><span style=\"font-weight: 
400;\">&#8211; Risk of interruptions in case of hardware failures or resource overload.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Dependence on internal teams to maintain availability.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">&#8211; Hosted in Azure with <\/span><b>guaranteed high availability<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">&#8211; Built-in resilience with backup and data replication across multiple geographies.<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<ul>\n<li><b>Threat Detection:<\/b> Sentinel outperforms traditional SIEMs with its behavioral analytics and AI-based detection capabilities, which identify complex attacks without requiring excessive manual configuration.<\/li>\n<li><b>Data Analytics:<\/b> Where traditional SIEMs are limited by on-premises infrastructure, Microsoft Sentinel offers unlimited scalability and optimal performance to analyze massive volumes of data in real time.<\/li>\n<li><b>Integration:<\/b> Sentinel\u2019s native connectors simplify the addition of new sources, which is a major weakness of traditional SIEMs.<\/li>\n<li><b>Automation:<\/b> Sentinel automates incident responses through built-in playbooks, eliminating the slow manual processes of traditional solutions.<\/li>\n<li><b>Financial Flexibility:<\/b> Unlike the high fixed costs of traditional SIEMs, Microsoft Sentinel offers an agile business model that adapts to the real needs of the business.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Specific Benefits for CIOs<\/h2>\n<p>In Summary: Why CIOs Choose Microsoft Sentinel<\/p>\n<p>Microsoft Sentinel is more than just a security tool; it is a strategic solution for CIOs, delivering:<\/p>\n<ul>\n<li>Significant cost reductions through scalability and the cloud model.<\/li>\n<li>Increased efficiency through automation and AI.<\/li>\n<li>Simplified management of regulatory obligations.<\/li>\n<li>Better collaboration for informed and 
rapid decisions.<\/li>\n<\/ul>\n<p>The economic impact is also measurable. A <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RE4IgFh\" target=\"_blank\" rel=\"noopener\">Forrester 2020 report on &#8220;The Total Economic Impact\u2122 of Microsoft Sentinel&#8221;<\/a> reveals that the tool delivered a 201% ROI over three years and reduced costs by 48% compared to traditional SIEM solutions.<\/p>\n<p><iframe loading=\"lazy\" title=\"Building Microsoft Sentinel Integrations - Part 1: Onboarding\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/eK5bmKhy2iI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<h3>Reduce Costs and Simplify Infrastructure<\/h3>\n<p>One of Microsoft Sentinel\u2019s key strengths is its cloud-native model, which reduces the cost of on-premises infrastructure while delivering a powerful and scalable solution.<\/p>\n<ul>\n<li><b>Eliminate On-Premises Infrastructure Requirements:<\/b> Unlike traditional SIEMs that require dedicated servers and expensive storage solutions, Microsoft Sentinel is built on <a href=\"https:\/\/www.castelis.com\/en\/about-us\/technology-partners\/microsoft-azure\/\">Azure<\/a>. This not only reduces upfront capital expenditures but also <a href=\"https:\/\/www.castelis.com\/en\/cloud-it-security-application-performance\/infrastructure-management-services\/\">eliminates maintenance and hardware upgrade costs<\/a>.<\/li>\n<li><b>Pay-as-you-go for Better Budget Control:<\/b> Microsoft Sentinel\u2019s business model relies on flexible pricing based on the amount of data ingested and analyzed. Organizations only pay for what they consume, allowing them to adjust costs based on actual needs and avoid unnecessary expenses. 
This allows a real <a href=\"https:\/\/www.castelis.com\/en\/cloud-it-security-application-performance\/finops-cloud-financial-management\/\">FinOps approach<\/a>.<\/li>\n<\/ul>\n<p>Concrete Example: A company that manages a temporary peak in logs (audit, critical incident) can increase its analysis capacity without additional structural costs, whereas a traditional SIEM would require a heavy investment in infrastructure.<\/p>\n<h3>Automation and Time Savings<\/h3>\n<p>Proactive cybersecurity is based on fast and efficient processes. Microsoft Sentinel excels in automating tasks, which allows teams to focus on high-value activities.<\/p>\n<ul>\n<li><b>Automation of Repetitive Tasks with Logic Apps:<\/b> Thanks to the integration of Azure Logic Apps, Sentinel allows the creation of automated workflows (playbooks) to process alerts and incidents. For example, in the event of ransomware detection, Sentinel can automatically isolate the infected device, block the user in Azure AD, and notify the concerned teams.<\/li>\n<li><b>Proactive Threat Analysis with Machine Learning:<\/b> Sentinel uses AI algorithms to identify anomalies and suspicious patterns, even before a threat fully manifests itself. This significantly reduces detection and response times.<\/li>\n<\/ul>\n<p>Result: IT departments gain operational efficiency, while reducing the risks associated with human errors or extended response times.<\/p>\n<h3>Simplified Compliance and Reporting<\/h3>\n<p>In an increasingly strict regulatory environment, compliance is a key issue for IT departments. Microsoft Sentinel integrates powerful tools to simplify audit management and ensure compliance with current standards.<\/p>\n<ul>\n<li><b>Integrated Tools to Comply with Regulations:<\/b> Sentinel supports regulatory frameworks such as GDPR, NIS, ISO 27001, and PCI-DSS. 
It offers ready-to-use configurations to collect and analyze the data needed to monitor regulatory obligations.<\/li>\n<li><b>Rapid Creation of Reports for Audits:<\/b> Thanks to its customizable dashboards and automated analyses, Sentinel facilitates the generation of clear and detailed reports for internal or external audits.<\/li>\n<\/ul>\n<p>Concrete example: During a GDPR audit, Sentinel can produce a report detailing unauthorized access, security incidents, and corrective measures taken.<\/p>\n<h3>Improved Collaboration with the SOC<\/h3>\n<p>A modern SOC must be a fluid interface between IT, security, and decision-making teams. Microsoft Sentinel offers suitable tools to improve communication and decision-making.<\/p>\n<ul>\n<li><b>Tools Designed for Better Communication Between Teams:<\/b> Sentinel alerts and data can be easily shared via collaborative tools such as Microsoft Teams, allowing for a coordinated and rapid response. Additionally, automated workflows allow for standardizing responses and clarifying responsibilities.<\/li>\n<li><b>Intuitive Dashboards for Strategic Decisions:<\/b> Customized workbooks provide a summary view of key indicators (critical alerts, threat trends, compliance status). This helps CIOs and their teams prioritize actions and align their decisions with strategic objectives.<\/li>\n<\/ul>\n<p>Concrete example: A dedicated dashboard can display in real time the status of alerts, incidents being resolved, and areas of vulnerability, thus providing complete visibility to guide actions.<\/p>\n<p>&nbsp;<\/p>\n<h2>Use Case: Microsoft Sentinel in Action<\/h2>\n<p>Microsoft Sentinel is not just a theoretical solution: it is designed to face real and complex situations. 
Here are three concrete examples illustrating its effectiveness in critical contexts.<\/p>\n<h3>Detection and Response to a Ransomware Attack<\/h3>\n<p>Context: A company notices unusual activity on its servers, characterized by repeated accesses and abnormally high volumes of data.<\/p>\n<p>Action with Microsoft Sentinel:<\/p>\n<ul>\n<li><b>Log Integration:<\/b> Microsoft Sentinel collects logs from all relevant sources (servers, endpoints, networks, Microsoft 365). This data is centralized in Azure Log Analytics for real-time analysis.<\/li>\n<li><b>Anomaly Detection:<\/b> Machine learning algorithms detect unusual behaviors, such as a high number of failed logins followed by successful access, or suspicious lateral movement between different systems.<\/li>\n<li><b>Automated Playbook Activation:<\/b>\n<ul>\n<li>Sentinel triggers a playbook via Azure Logic Apps to immediately isolate the affected server.<\/li>\n<li>Access for affected users is automatically blocked in Azure Active Directory.<\/li>\n<li>A notification is sent to the SOC team via Microsoft Teams with a detailed report of the actions taken.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Outcome: The attack is contained before data is encrypted, minimizing the impact on the business.<\/p>\n<h3>Threat Management in a Hybrid Environment<\/h3>\n<p>Background: A multinational organization operates with infrastructures distributed across <a href=\"https:\/\/www.castelis.com\/en\/about-us\/technology-partners\/microsoft-azure\/\">Azure<\/a>, AWS, and on-premises data centers. 
Monitoring these heterogeneous environments becomes a challenge due to the diversity of log sources and tools.<\/p>\n<p>Action with Microsoft Sentinel:<\/p>\n<ul>\n<li><b>Multi-Cloud Monitoring:<\/b> Sentinel connects logs from Azure services, AWS CloudTrail, and on-premises devices via native connectors and APIs.<\/li>\n<li><b>Centralized View:<\/b> With interactive workbooks, Sentinel provides a comprehensive, unified visualization of threats detected in each environment, facilitating decision-making.<\/li>\n<li><b>Event Correlation:<\/b> An alert is generated when an unauthorized user attempts to access an AWS server after a phishing attempt is detected in Microsoft 365. Data from different platforms is correlated to confirm suspicious activity.<\/li>\n<li><b>Proactive Response:<\/b> Microsoft Sentinel triggers a playbook to:\n<ul>\n<li>Immediately disable the compromised user in Azure and AWS.<\/li>\n<li>Notify cloud administrators across regions.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Outcome: A coordinated threat is quickly detected and neutralized with complete visibility across all environments.<\/p>\n<h3>Strengthening Compliance for a Financial Services Company<\/h3>\n<p>Background: A bank is preparing for an ISO 27001 audit to demonstrate compliance with information security management standards. 
Auditors require documented evidence of incident monitoring and remediation.<\/p>\n<p>Action with Microsoft Sentinel:<\/p>\n<ul>\n<li><b>Collect Compliance Data:<\/b> Sentinel automatically collects relevant security logs, such as unauthorized access, anomalies in network activity, and responses to critical incidents.<\/li>\n<li><b>Use Compliance Reports:<\/b> Sentinel\u2019s custom workbooks generate detailed reports highlighting:\n<ul>\n<li>Security incidents detected and addressed.<\/li>\n<li>Remediation actions taken (e.g., endpoint isolation or user password change).<\/li>\n<li>Continuous monitoring metrics, such as mean detection and response times.<\/li>\n<\/ul>\n<\/li>\n<li><b>Audit Automation:<\/b> Through native integration with Azure Policy, Sentinel automatically verifies cloud resources for compliance with regulatory frameworks (e.g., access controls or firewall configurations).<\/li>\n<\/ul>\n<p>Outcome: The organization provides the auditor with a complete, automated record demonstrating ISO 27001 compliance, without tying teams to time-consuming manual tasks.<\/p>\n<p>&nbsp;<\/p>\n<h2>How to Deploy Microsoft Sentinel Effectively<\/h2>\n<p>Deploying Microsoft Sentinel is a strategic endeavor that requires careful planning and rigorous execution to maximize its impact on your organization\u2019s security. Here are the key steps and best practices to follow for a successful implementation.<\/p>\n<h3>Implementation Steps<\/h3>\n<h4>1. Identify Business Needs<\/h4>\n<p>Before configuring Microsoft Sentinel, it is essential to understand your organization\u2019s specific needs:<\/p>\n<ul>\n<li>What are the main security risks? For example: ransomware, data exfiltration, identity compromise.<\/li>\n<li>What are the critical data sources? Servers, endpoints, cloud, SaaS, network equipment, etc.<\/li>\n<li>What regulatory frameworks need to be adhered to? 
GDPR, ISO 27001, PCI-DSS, etc.<\/li>\n<\/ul>\n<p>This step ensures that Sentinel is aligned with business priorities and strategic objectives.<\/p>\n<h4>2. Configure Data Connectors<\/h4>\n<p>For maximum effectiveness, Sentinel should collect data from all relevant sources in your IT ecosystem. Here\u2019s how:<\/p>\n<ul>\n<li><b>Use Native Connectors:<\/b> Quickly connect Microsoft 365, Azure, AWS, and network equipment via pre-configured integrations.<\/li>\n<li><b>Add Third-Party Sources:<\/b> Integrate logs from non-Microsoft solutions (firewalls, VPNs, identity systems) via APIs or custom connectors.<\/li>\n<li><b>Prioritize Critical Sources:<\/b> Ensure that key systems, such as production servers or sensitive databases, are monitored first.<\/li>\n<\/ul>\n<p><iframe loading=\"lazy\" title=\"Building Microsoft Sentinel Integrations - Part 2: Creating Data Connectors\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/wXCh17rgtLU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h4>3. Create Custom Playbooks and Dashboards<\/h4>\n<ul>\n<li><b>Automated Playbooks:<\/b> Set up workflows specific to your organization through Azure Logic Apps. For example, a playbook can automatically isolate an infected machine or notify the SOC when abnormal behavior is detected.<\/li>\n<li><b>Custom Dashboards:<\/b> Create workbooks tailored to your teams\u2019 needs. For example: one board for tracking critical incidents, another for compliance audits. These visualizations make it easier to steer operations and make decisions.<\/li>\n<\/ul>\n<p>Optimize your organization&#8217;s security with Microsoft Sentinel. 
<a href=\"#microsoft-sentinel-essential-choice\">Contact our experts for a tailored implementation<\/a>!<\/p>\n<p>&nbsp;<\/p>\n<h3>Best Practices to Maximize Results<\/h3>\n<h4>Training Your Teams on KQL (Kusto Query Language)<\/h4>\n<p>KQL is a powerful tool for querying and analyzing data collected by Sentinel. To take full advantage of it:<\/p>\n<ul>\n<li>Train your teams to write effective queries to search for anomalies or create advanced alert rules.<\/li>\n<li>Automate custom reports to meet the specific needs of your SOC or audits.<\/li>\n<\/ul>\n<p>Tip: Microsoft offers online resources and certifications to master KQL.<\/p>\n<h4>Continuous Monitoring and Adjustment of Alert Rules<\/h4>\n<p>To ensure proactive security, Microsoft Sentinel requires constant monitoring:<\/p>\n<ul>\n<li><b>Refine Alert Rules:<\/b> Reduce false positives by adjusting thresholds and conditions.<\/li>\n<li><b>Adapt Rules to New Threats:<\/b> Regularly update your detections to follow emerging trends (e.g., new phishing tactics or ransomware).<\/li>\n<li><b>Leverage Behavioral Analytics:<\/b> Identify abnormal behaviors using built-in machine learning algorithms.<\/li>\n<\/ul>\n<h4>Collaborate with a Microsoft Certified Integrator<\/h4>\n<p>Using a Microsoft certified integrator can accelerate deployment and ensure optimal implementation:<\/p>\n<ul>\n<li><b>Pre-Audit:<\/b> The integrator can perform an audit to assess your needs and prioritize actions.<\/li>\n<li><b>Advanced Configuration:<\/b> Take advantage of their expertise to integrate complex data sources or customize playbooks adapted to your internal processes.<\/li>\n<li><b>Ongoing Support:<\/b> A partner can provide post-deployment monitoring, supporting you in the evolution of your security strategies.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Microsoft Sentinel vs Other SIEMs: Splunk, QRadar, Elastic SIEM, ArcSight, LogRhythm, Securonix, Rapid7 
InsightIDR<\/h2>\n<table>\n<tbody>\n<tr>\n<td><b>Criteria<\/b><\/td>\n<td><b>Microsoft Sentinel<\/b><\/td>\n<td><b>Splunk<\/b><\/td>\n<td><b>QRadar (IBM)<\/b><\/td>\n<td><b>Elastic SIEM<\/b><\/td>\n<td><b>ArcSight (Micro Focus)<\/b><\/td>\n<td><b>LogRhythm<\/b><\/td>\n<td><b>Securonix<\/b><\/td>\n<td><b>Rapid7 InsightIDR<\/b><\/td>\n<\/tr>\n<tr>\n<td><b>Entry Cost<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Low, thanks to the cloud and pay-as-you-go<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c High, significant upfront costs<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c High, on-premises dependency<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Low, open source (managed cost possible)<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c High, requires dedicated servers<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f High, expensive licenses<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Variable, depending on configurations<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Affordable thanks to the SaaS model<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Scalability<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Unlimited thanks to Azure<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Scalable but expensive<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Limitation by on-prem infrastructures<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Highly scalable in the cloud<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c Difficult to expand without large investments<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Limited by on-prem infrastructure<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Highly scalable, designed for the cloud<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Highly scalable thanks to the SaaS 
model<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Cloud-native Integration<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Cloud-native, with native connectors<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Cloud integration possible but not native<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c Not very suitable for cloud native<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Cloud-friendly but third-party tools required<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u274c Not cloud-native<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Partially suitable for the cloud<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Cloud-native, suitable for hybrids<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Cloud-native, fast SaaS integration<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Automation<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Integrated with Logic Apps<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Possible via external tools<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Advanced configurations required<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Limited without third-party tools<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Requires complex integrations<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Limited automation<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Advanced automation<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Integrated and efficient automation<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>User Interface<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Intuitive and customizable<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Powerful but complex interface<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Technical, requires training<\/span><\/td>\n<td><span style=\"font-weight: 
400;\">\u26a0\ufe0f Simple but not always user-friendly<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Complex and sometimes outdated<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Technical and not very intuitive<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 User-friendly and modern interface<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Modern and intuitive<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Threat Analysis<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Integrated AI and machine learning<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Advanced but depends on configuration<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Powerful but rule-based<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Effective but less robust in AI<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Robust detection but complex configuration<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Effective but limited in several ways<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Advanced behavioral analysis<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Fast analysis with UEBA capabilities<\/span><\/td>\n<\/tr>\n<tr>\n<td><b>Compliance Reporting<\/b><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Automated and personalized reports<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Can be created but requires adjustments<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Support for frameworks but adjustments required<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Requires manual customizations<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u26a0\ufe0f Compliant but not very intuitive<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Good support but less flexible<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Excellent with 
ready-to-use templates<\/span><\/td>\n<td><span style=\"font-weight: 400;\">\u2705 Predefined, simplified templates<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2 id=\"microsoft-sentinel-essential-choice\">Microsoft Sentinel + Castelis: the perfect match for performance and trust<\/h2>\n<p data-start=\"173\" data-end=\"341\">With <strong data-start=\"178\" data-end=\"200\">Microsoft Sentinel<\/strong>, businesses turn their security into a strategic advantage \u2014 intelligent monitoring, AI-driven automation, and proactive threat detection.<\/p>\n<p data-start=\"343\" data-end=\"750\">Backed by <strong data-start=\"353\" data-end=\"409\">Castelis\u2019 CyberVadis Platinum Medal (score 983\/1000)<\/strong>, our recognized expertise in <strong data-start=\"439\" data-end=\"483\">cybersecurity, AI, and cloud supervision<\/strong> helps organizations build <strong data-start=\"510\" data-end=\"571\">high-performing, scalable, and compliant SOC environments<\/strong>.<\/p>\n<p data-start=\"343\" data-end=\"750\">The combination of <strong data-start=\"594\" data-end=\"624\">Microsoft Sentinel\u2019s power<\/strong> and <strong data-start=\"629\" data-end=\"674\">Castelis\u2019 proven cybersecurity excellence<\/strong> ensures optimal protection for your cloud environments and critical data.<\/p>\n<p data-start=\"343\" data-end=\"750\">
<strong data-start=\"755\" data-end=\"795\">Try Microsoft Sentinel with Castelis<\/strong> and experience the best of AI-driven security to stay ahead of tomorrow\u2019s threats.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Sentinel, a cloud-native SIEM, is redefining the standards for threat management. With a powerful combination of artificial intelligence, automation, and flexibility, it offers CIOs an agile solution to monitor their infrastructures, detect anomalies, and orchestrate rapid and precise responses. Cybersecurity has become a strategic issue for modern businesses. 
Chief Information Officers (CIOs) are faced &hellip; <a href=\"https:\/\/www.castelis.com\/en\/insights-ressources\/why-microsoft-sentinel-is-essential-for-cyber-threat-management-a-practical-guide-for-cios\/\">Continued<\/a><\/p>\n","protected":false},"author":2,"featured_media":2033,"template":"","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[75,77],"tags":[],"class_list":["post-2239","article","type-article","status-publish","has-post-thumbnail","hentry","category-cybersecurite","category-ia"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article\/2239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article"}],"about":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/types\/article"}],"author":[{"embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":0,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/article\/2239\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/media\/2033"}],"wp:attachment":[{"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/media?parent=2239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/categories?post=2239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.castelis.com\/en\/wp-json\/wp\/v2\/tags?post=2239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}