azure-sentinel
There are 29 repositories under azure-sentinel topic.
netevert/sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
briandelmsft/SentinelAutomationModules
The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
ashwin-patil/blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
noodlemctwoodle/pf-azure-sentinel
Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.
jostuffl/AzureSentinel_Stuff
A collection of things I've created or found that I think is useful for Azure Sentinel.
y0nil/kusto.blog
A technical blog about Kusto
austin-lai/Collection-of-Azure-Monitor-or-Sentinel-Kusto-Queries
Collection of Azure Monitor or Sentinel Kusto Queries
clouddrove/terraform-azure-sentinel
This terraform module is designed to create azure Sentinel resources. Microsoft Sentinel natively incorporates proven Azure services, like Log Analytics and Logic Apps. Microsoft Sentinel enriches your investigation and detection with AI. It provides Microsoft's threat intelligence stream and enables you to bring your own threat intelligence
austin-lai/Collection-of-AzureSentinel-Playbook
Collection of Azure Sentinel - Playbook | Logic App (Template)
hisashin0728/SentinelAzureOpenAI
Microsoft Sentinel / Azure Open AI 演習のレポジトリです。
SvenAelterman/AzSentinel-syslogfwd-HA
Azure ARM (bicep) template for deploying a high availability syslog/CEF forwarder setup using Azure VMs.
Cyberproof/Azure-Sentinel-Logstash
A containerized Logstash ready to send data to Log Analytics or Event Hub
mtnmunuklu/AzureSentinelToExcel
This project used for convert azure sentinel rules to excel
T13nn3s/microsoft
Microsoft related PowerShell scripts and KQL queries
austin-lai/Collection-of-AzureSentinel-AnalyticsRules-Template
Collection of Azure Sentinel - Analytics Rules (Template)
FabianBorz01/KQL-queries
My KQL queries :) Feel free to use and improve them.
hisashin0728/AutoClosing-SAMPLEALERT-FromMDfC
AutoClosing-SAMPLEALERT-FromMDfC
hisashin0728/SentinelAzureOpenAIQueryCheck
This repository provides summarization Schedule Analytics Rules in Sentinel Incident
McL0vinn/MicrosoftDefender-DiscordCNC
Threat-Hunting KQL query which identifies machines that utilize powershell, cmd or wmic to connect to any URL that includes “cdn.discordapp.com” ,where the action was initiated by a script execution ( .vbs , .bat etc)
McL0vinn/MicrosoftDefender-Kaseya_IOCs
Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule).It's looking for 4 known IOCs related to the Kaseya attack
DrPwner/KQL-Manager
KQL Local Manager, allows you to manage and organize KQL Queries in a central Database.
gypthecat/maxmind-kusto
MaxMind Geo and ASN Data for Kusto
miguel-pgomes/Azure-content
Azure related content
mlaraibkhan/az.sentinel-security-content
Microsoft Sentinel Custom Content
quantum-sec/terraform-azurerm-workbooks
Terraform modules for deploying and managing Azure workbooks.
epomatti/azure-sentinel
Sentinal capabilities implemented
hisashin0728/SentinelTeamsNotifyEnrichment
This Repository provides notification to Microsoft Teams by Adaptive Card.