netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Issues
Question about the whitelist queries
#53 opened by secAnalyst - 0
Dashboard error: 'project' operator: Failed to resolve table or column expression named 'process_create_whitelist'...
#51 opened by Networking-G - 12
Deploying hunting workbooks error
#50 opened by siuolkl - 2
Missing page/bad link
#46 opened by rod-trent - 1
Incorrect logic in "T1093_Process_Holoowing.txt" KQL
#45 opened by spwn3d1 - 0
post-deployment configuration will fail if you enter any upper case characters for your workspace
#44 opened by bobsyourmom - 0
Parse config
#40 opened by akapv - 1
Vnet DNS Server missing in Lab
#36 opened by MathiasVandePol - 2
Use workbooks resource inheritance to reduce crossComponentResources duplication in workbook template
#11 opened by netevert - 0
build white-listing solution
#6 opened by netevert - 0
build parent process guid drilldown
#34 opened by netevert - 0
build user drilldown
#30 opened by netevert - 0
build file create drilldown
#31 opened by netevert - 0
build network connection drilldown
#32 opened by netevert - 0
build MITRE ATT&CK drilldown
#29 opened by netevert - 0
build pipe name drilldown
#33 opened by netevert - 0
build process guid drilldown
#35 opened by netevert - 0
build computer drill-down workbook
#8 opened by netevert - 1
cost related to doing the sentinel attack ?
#20 opened by ssi0202 - 0
Migrate documentation to wiki
#28 opened by netevert - 1
parser does not parse EventID 3
#25 opened by ssi0202 - 0
Parser incorrectly parses sysmon Event 1 events from process_commandline field onwards
#18 opened by netevert - 1
alert rules that correlate to Threat Intelligence
#24 opened by ssi0202 - 1
Pipe Create Event is not parsed correctly
#16 opened by netevert - 3
Workbook and Dashboard errors
#15 opened by CyberSecOps - 0
Add AZSentinel support
#13 opened by netevert - 0
build ATT&CK trigger overview workbook
#7 opened by netevert - 2
Time condition in parser
#2 opened by oshezaf - 1