Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
Updated Jan 1, 2024 - Jupyter Notebook
Microsoft Sentinel SOC Operations
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel.
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
⛳️ PASS the Microsoft Azure AZ-500 (Azure Security Engineer Associate) exam by studying with our Questions & Answers (Q&A) practice tests.
Ian Hanley's deceptively simple KQL queries.
A collection of various SIEM rules relating to malware family groups.
Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Repository for Microsoft Sentinel / Azure Open AI exercises.
Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents
Revoke Entra ID user sessions from Microsoft Sentinel incidents
A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot attacks on a live map.
Disable Azure AD user accounts from Microsoft Sentinel account entities
This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.
Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs
Microsoft Sentinel rules for Azure CIS Benchmark Ver.1.4.0
Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category
Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel