Replacing a Legacy SIEM Solution with Actionable Threat Response Using Microsoft Sentinel

Costa Group is a global primary producer operating across Australia, New Zealand, South East Asia, and South America. Its hybrid environment spans farms, production facilities, logistics depots, and cloud-based ERP and SCADA systems, supporting complex supply chains and strict export controls. 

To modernise security operations and better integrate with its Microsoft 365 and Defender investments, Costa partnered with Oreta to implement a Microsoft Sentinel-driven SIEM and SOC capability tailored to both IT and operational technology environments. 

Challenges

Costa’s legacy SIEM identified unusual activity but lacked actionable insight, contextual correlation, and response automation. Alerts generated significant noise, overwhelming a lean IT team, while the absence of centralised log ingestion limited visibility across cloud, on-premises, and SCADA systems. Integration with Microsoft 365 Defender was minimal, and there was no formal SOC capability to triage, contain, or escalate threats. 

At the same time, Costa faced increasing regulatory requirements under ISO 27001, the ASD Essential Eight, and export security controls. Without unified visibility, auditable processes, and scalable operations, meeting these obligations consistently was becoming increasingly difficult. 

Solution

Oreta replaced the legacy SIEM with Microsoft’s Sentinel platform aligned to Costa’s Microsoft ecosystem and operational realities. The solution delivered multi-region Sentinel workspaces for centralised visibility and regional resilience, ingesting logs from Microsoft 365, Microsoft Defender for Endpoint, Azure AD, on-premises firewalls, and SCADA gateways. Detection content was tailored to agricultural operations and regional threat landscapes. 

Eighteen data connectors were configured to provide comprehensive telemetry, supported by fourteen high-fidelity analytics rules and twenty-two workbooks delivering role-based dashboards and real-time insights. SOAR playbooks were implemented to automate triage, enrichment, containment, and escalation, standardising response and reducing manual effort. 

The platform was integrated with ITSM workflows and aligned to Oreta’s Managed SOC operating model, with clear escalation paths, role-based access controls, and detections mapped to the MITRE ATT&CK framework. The solution was designed in line with the Azure Well-Architected Framework to ensure scalability, security, reliability, and cost optimisation.

Outcome

  • 85 percent reduction in time to action on real-world threats 
  • Automated SOAR workflows significantly reduced alert fatigue and dwell time 
  • Improved compliance alignment with ISO 27001 and the ASD Essential Eight 
  • Reduced costs through tool consolidation and optimisation across Sentinel and Microsoft Defender 