SIEM & logging · Ottawa & Gatineau

SIEM & log management for small businesses

Centralized logging and SIEM (Microsoft Sentinel): pull your logs together, catch threats early and keep the record your audits and insurers ask for.

What we put in place

From scattered logs to one clear view

Centralized collection

Endpoints, servers, firewalls, Microsoft 365 and cloud in one place.

Correlation & alerting

Connect isolated events so a real attack stands out.

Compliance retention

The retention SOC 2, NIST CSF and your insurers expect.

Threat detection

Rules tuned to your environment, not generic noise.

Microsoft Sentinel

A natural cloud SIEM for Microsoft 365 and Azure environments.

Investigation-ready

When an incident hits, you have the record to know what happened.

Microsoft Sentinel consulting

If you need hands-on Microsoft Sentinel help, this is the core of our practice: we design, deploy and tune the platform end to end, rather than just switching it on and hoping.

  • Workspace architecture. Log Analytics workspace design, deployed in Canadian Azure regions so your logs stay onshore.
  • Data connectors. Microsoft 365, Entra ID, firewalls, servers and third-party sources, brought into one view.
  • Analytics rules & KQL tuning. Detections written and tuned in KQL for your environment, so every alert means something.
  • Automation playbooks. Playbooks that enrich an alert, notify the right person or contain an account the moment a rule fires.
  • Ingestion-cost optimization. Deciding what belongs in Sentinel and what can live in cheaper log tiers — so you only pay for what’s worth keeping.
  • SIEM migration. An orderly move off a legacy SIEM onto Sentinel, without losing your history or your detections.
SIEM or MDR?

The platform and the people

A SIEM gives you visibility: it gathers the logs and raises alerts. But an alert no one watches protects no one. That’s why the SIEM pairs with our managed detection and response (MDR) — round-the-clock monitoring through a managed SOC built on Microsoft Sentinel and Microsoft Defender, plus the response — and feeds your incident response. We stand up the SIEM on its own if you have a team, or the whole stack if you’d rather hand it over. The logging also supports your compliance directly.

  • SIEM. The visibility and the evidence.
  • MDR. Round-the-clock monitoring through a managed SOC, 24/7.
  • Compliance-ready. Retention tuned to the rules.
  • Microsoft-certified. Sentinel, Entra, Defender.
FAQ

Frequently asked questions

What’s the difference between a SIEM and MDR?

A SIEM is the platform: it collects logs from your systems, correlates them and raises alerts. Managed detection and response (MDR) adds the watching and the response: round-the-clock monitoring through a managed SOC built on Microsoft Sentinel and Microsoft Defender that follows those alerts and acts on them. The two go together — the SIEM provides visibility, MDR provides the action. We can stand up the SIEM on its own if you have your own team, or pair it with our MDR.

What exactly is a SIEM?

SIEM stands for Security Information and Event Management. In plain terms, it’s where all your logs come together — endpoints, servers, firewalls, Microsoft 365, cloud — so they can be analyzed as one. It’s what lets you spot that a string of harmless-looking events is actually an attack, and keep a record of what happened.

Why keep our logs for so long?

Because you need them exactly when you don’t expect to. During an incident, logs tell you what happened and how far it went; without them, you’re guessing. Several frameworks (SOC 2, NIST CSF) and many cyber insurers require logging and retention over a set period — we tune retention to your obligations.

Do you work with Microsoft Sentinel?

Yes. For organizations already on Microsoft 365 and Azure, Microsoft Sentinel is a natural cloud SIEM, and our Microsoft background (architect and identity) fits it well. That said, the tool matters less than the outcome: the right logs, collected, retained and turned into useful detections.

How much does Microsoft Sentinel cost for a small business?

Sentinel is priced on ingestion: you pay per gigabyte of logs sent into the workspace, plus retention beyond the included period. So the cost depends on your data volume, not your headcount. A small business that sends only what matters can run it surprisingly lean, while an untuned deployment that swallows everything gets expensive fast. A big part of our work is exactly that tuning — routing verbose, low-value logs to cheaper tiers and keeping Sentinel for the signal, so you pay for detections, not noise.

Would you know what happened?

If you’re not sure what your systems are logging — or for how long — let’s talk.

Get in touch