There are 4 repositories under the microsoft-sentinel topic.
Repository of threat hunting and detection queries, etc., for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Microsoft Sentinel SOC Operations
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
A collection of various SIEM rules relating to malware family groups.
Ian Hanley's deceptively simple KQL queries.
Misc. content for Microsoft Sentinel
A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot attacks on a live map.
Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Revoke Entra ID user sessions from Microsoft Sentinel incidents
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning from our Questions & Answers (Q&A) practice test exams.
Repository for Microsoft Sentinel / Azure Open AI exercises.
Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.
Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category
This repository contains all the presentations, demos, videos and other resources that we use during our community events.
Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics
This repository provides summarization of Scheduled Analytics Rules in Sentinel incidents
Content supporting the Microsoft hands-on at DSAG Technology Days March 2023
This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.
Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel
Managing Microsoft Sentinel with Azure Lighthouse
Disable Azure AD user accounts from Microsoft Sentinel incidents
Enable Azure AD user accounts from Microsoft Sentinel incidents
Block GitHub users from Microsoft Sentinel incidents
Block File Hashes found in Microsoft Sentinel Incidents in Defender
Disable Azure AD user accounts from Microsoft Sentinel account entities
Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs
Enable Azure AD user accounts from Microsoft Sentinel account entities
Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents
Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category
Revoke Entra ID user sessions from Microsoft Sentinel entities
Sign out Google users from Microsoft Sentinel incidents
App to ingest Threat Intelligence (TI) into a Firewall