microsoft-sentinel
There are 44 repositories under the microsoft-sentinel topic.
Cyb3r-Monk/Threat-Hunting-and-Detection
Repository of threat hunting and detection queries, written in KQL (Kusto Query Language), for Microsoft Defender for Endpoint and Microsoft Sentinel.
cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel and Microsoft Defender XDR (formerly Microsoft 365 Defender).
eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
briandelmsft/SentinelAutomationModules
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel.
ep3p/Sentinel_KQL
In this repository you will find KQL (Kusto Query Language) queries and Watchlist schemas for data sources related to Microsoft Sentinel (a SIEM tool).
reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
EEN421/KQL-Queries
Ian Hanley's deceptively simple KQL queries.
eshlomo1/CloudSec
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
h0ffayyy/MicrosoftSentinelStuff
Misc. content for Microsoft Sentinel
JonCyberGuy/SIEM-HomeLab
A walkthrough of building an Azure environment with Microsoft Sentinel to track attacks and plot them on a live map.
Ditectrev/Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.
Accelerynt-Security/AS-Add-Machine-Logon-Users-to-Incident
Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Incident
Revoke Entra ID user sessions from Microsoft Sentinel incidents
hisashin0728/SentinelAzureOpenAI
A repository for Microsoft Sentinel / Azure OpenAI exercises.
Ben4FH/Adaz-Sentinel
Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.
hisashin0728/SentinelSOARWorkshopJP
Sentinel SOAR Workshop
Accelerynt-Security/Zscaler-add-Domains-to-URL-Category
Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category
EightFence/community
This repository contains all the presentations, demos, videos and other resources that we use during our community events.
h0ffayyy/sentinel-to-yaml
Convert Microsoft Sentinel rule templates to YAML
h0ffayyy/SentinelDomainMonitor
Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics
hisashin0728/SentinelAzureOpenAIQueryCheck
This repository provides summarization of Scheduled Analytics Rules for Sentinel incidents.
MartinPankraz/Security-Insights-2-Action
Content supporting the Microsoft hands-on at DSAG Technology Days March 2023
timtim589/WorkspaceManager
This repository contains all the code (ARM templates and PowerShell) referenced in my Medium article about the Sentinel Workspace Manager.
innofactororg/microsoft-sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
joelst/AzLighthouse
Managing Microsoft Sentinel with Azure Lighthouse
Accelerynt-Security/AS-Azure-AD-Enable-User
Enable Azure AD user accounts from Microsoft Sentinel incidents
Accelerynt-Security/AS-Block-GitHub-User
Block GitHub users from Microsoft Sentinel incidents
Accelerynt-Security/AS-Block-Hash-in-Defender
Block file hashes found in Microsoft Sentinel incidents in Microsoft Defender
Accelerynt-Security/AS-Disable-Azure-AD-User-From-Entity
Disable Azure AD user accounts from Microsoft Sentinel account entities
Accelerynt-Security/AS-Edgescan-Integration
Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs
Accelerynt-Security/AS-Enable-Azure-AD-User-From-Entity
Enable Azure AD user accounts from Microsoft Sentinel account entities
Accelerynt-Security/AS-Remove-Domains-from-Zscaler-URL-Category
Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category
Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity
Revoke Entra ID user sessions from Microsoft Sentinel entities
Accelerynt-Security/AS-Sign-Out-Google-User
Sign out Google users from Microsoft Sentinel incidents
hisashin0728/SentinelIncidentNotificationTeams
This repository is a sample template for sending Microsoft Sentinel incident notifications to Microsoft Teams.
Jackmundo/sentinel4beginners
This project was designed to help beginners, or those new to Microsoft Sentinel, set up their own small home lab (on the free trial, using the $200 credit provided by Microsoft).