swiftsolves-msft

PowerShell-Scripts

PowerShell Scripts, Snippets, bare minmium ideas

Azure-Sentinel-Playbooks

decks

The following Repo are for Public Slide Decks that may be of interest

Community-GuestConfiguration

The following guest configuration artifacts removes the intial authoring steps 1-4. The remaining steps are publishing the artifacts to your Azure subscription and registering the Azure Policy.

mde

MDE miscellaneous stuff

Microsoft-Sentinel-ZScalerZIANSSCloud

Policy

Azure Policy

kql

kql query examples

Microsoft-Azure-SIEM-Pipeline

Here you will find architectures and configuration collected around sending Alerts and Logs from Microsoft and Azure platforms and products to 3rd party SIEM

Azure-Network-Security

Resources for improving Customer Experience with Azure Network Security

azure-quickstart-templates

Azure Quickstart Templates

Azure-Security-Center

Welcome to the Azure Security Center community repository

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

AzureDefenderEnterpriseRollOut

Guidance and assets for Azure Defender rollout at an enterprise

AzureFirewall

Contains custom rules for Azure Firewall

changeanalysis-webapp-storage-sample

sample used in change analysis documentation to view Azure web app and storage changes

Community-Policy

This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.

dashboards

dashboards

DCToolbox

Tools for Microsoft cloud fans

LogicApps

Misc LogisApps built

Microsoft-Sentinel-ZScalerZIANSSAMA

Notebooks

Notebooks

NSGFlowLogs

placeholder

patch4cse

conceptual was to push patches or inner os things through Azure VMs Custom Script Extension

RiskyAPIs

Can be used when testing a newly created custom role, to see if there are inadvertent permissions granted on known risky Azure Management APIs.

SimuLand

Understand adversary tradecraft and improve detection strategies

Tanium

TargetResearch

Scripts and Programs that help with potential targeting.

Threat-Protection-CWPP-MindMap

The following tool link below can be used to explore Defender for Cloud's - Cloud Workload Platform Protection (CWPP) core services it can cover and capabilities. While not exhaustive to every detection it provides a learning tool Mind Map to help explore each set of services covered under threat protection, capabilities with detailed notes, and links to reference alerts or unique blogs or scenarios written about.

workshop-arc

Azure Workshop using a E8s_V3 - Nested Hyper-V with DC, FileServer, and Ubuntu. Can be used to create workshops involving Hybrid scenarios for customer to test like Arc, Backups, ASR, OMS, and other scenarios