microsoft-sentinel

There are 4 repositories under microsoft-sentinel topic.

• Threat-Hunting-and-Detection

  Cyb3r-Monk / Threat-Hunting-and-Detection

  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

  threat-huntingthreat-detectioncybersecuritydefender-for-endpointdetection-engineeringdfirkqlkusto-languagemicrosoft-sentinel
  Language:Jupyter Notebook 574

• cyb3rmik3 / KQL-threat-hunting-queries

  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

  kqlkustomicrosoftsecuritycentersentinelkusto-querykusto-query-languagemicrosoft-365microsoft-365-defendermicrosoft-365-securitymicrosoft-securitymicrosoft-sentinelsecuritythreat-detectionthreat-huntthreat-huntingthreat-detectingmicrosoft-xdrmicrosoftxdr
  476

• eshlomo1 / Microsoft-Sentinel-SecOps

  Microsoft Sentinel SOC Operations

  azure-sentinelsecuritysecopssiemsocazurehuntingirincident-responsemicrosoftmicrosoft-sentinelthreat-huntingthreat-intelligencecloudsecurity
  Language:PowerShell 233

• briandelmsft / SentinelAutomationModules

  The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel

  cybersecuritysample-codeazuresentinelazure-sentinelmicrosoft-sentinelautomationsentinel
  Language:PowerShell 201

• ep3p / Sentinel_KQL

  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

  microsoftsecurityazurekqlwatchlistkustosentinelsiementraentra-idmicrosoft-sentinel
  93

• reversinglabs / reversinglabs-siem-rules

  A collection of various SIEM rules relating to malware family groups.

  detection-engineeringinfosecmicrosoft-sentinelsiem
  Language:YARA 59

• EEN421 / KQL-Queries

  Ian Hanley's deceptively simple KQL queries.

  azurecloud-securitycybersecuritydevsecopskqlmicrosoft-sentinel
  42

• h0ffayyy / MicrosoftSentinelStuff

  Misc. content for Microsoft Sentinel

  microsoft-sentinelazureinfosecsiem
  16
• SIEM-HomeLab

  JonCyberGuy / SIEM-HomeLab

  A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot attacks on a live map.

  apiapi-gatewayazureazure-functionscybersecurityevent-viewerfirewallfirewall-configurationfirewall-ruleslog-analytics-workspacemicrosoft-azuremicrosoft-sentinelpowershellpowershell-scriptprojectsremote-desktopsiemvirtual-machinevirtualizationwindows-10
  Language:PowerShell 13

• Accelerynt-Security / AS-Add-Machine-Logon-Users-to-Incident

  Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment

  microsoft-defender-for-endopointmicrosoft-sentinel
  7

• Accelerynt-Security / AS-Revoke-Azure-AD-User-Session-From-Incident

  Revoke Entra ID user sessions from Microsoft Sentinel incidents

  entra-idmicrosoft-sentinel
  4

• Ditectrev / Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers

  ⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

  az-500azure-securityazure-security-engineer-associateazure-adazure-security-centerpractice-testazure-active-directorynetwork-security-groupnetwork-security-groupsmicrosoft-sentinelsentinelazure-virtual-networkazure-virtual-networksazure-storagerbacrbac-managementsubnetazure-log-analyticskey-vaultscommunity-project
  4

• hisashin0728 / SentinelAzureOpenAI

  Microsoft Sentinel / Azure Open AI 演習のレポジトリです。

  azureopenaimicrosoftmicrosoft-azuremicrosoft-sentinelazure-sentinelazure-sentinel-playbook
  4

• Ben4FH / Adaz-Sentinel

  Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.

  azuredetection-engineeringlabmicrosoft-sentinelsigmathreat-hunting
  Language:HCL 2

• hisashin0728 / SentinelSOARWorkshopJP

  Sentinel SOAR Workshop

  logicappsmicrosoftmicrosoft-sentinel
  2

• Accelerynt-Security / Zscaler-add-Domains-to-URL-Category

  Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category

  microsoft-sentinelurl-categoryzscaler
  1
• community

  EightFence / community

  This repository contains all the presentations, demo's, videos and other resources that we use during our community events.

  communitymicrosoft-securitymicrosoft-sentinel
  1

• h0ffayyy / sentinel-to-yaml

  Convert Microsoft Sentinel rule templates to YAML

  microsoft-sentinel
  Language:Python 1

• h0ffayyy / SentinelDomainMonitor

  Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics

  azurecontainerscybersecuritymicrosoft-sentinel
  Language:Python 1

• hisashin0728 / SentinelAzureOpenAIQueryCheck

  This repository provides summarization Schedule Analytics Rules in Sentinel Incident

  azure-openaiazure-sentinelazure-sentinel-playbookmicrosoftmicrosoft-azuremicrosoft-sentinel
  1

• MartinPankraz / Security-Insights-2-Action

  Content supporting the Microsoft hands-on at DSAG Technology Days March 2023

  auditazurelogic-appsmicrosoft-sentinelsapsecuritysentinel
  1

• timtim589 / WorkspaceManager

  This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.

  microsoft-sentinelworkspace-manager
  Language:PowerShell 1

• hisashin0728 / AADIDPCustomRuleForSentinel

  Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel

  azuremicrosoftmicrosoft-azuremicrosoft-sentinel
  0

• joelst / AzLighthouse

  Managing Microsoft Sentinel with Azure Lighthouse

  armtemplatesazure-lighthousemicrosoftmicrosoft-sentinelmicrosoftsentinelsentinel
  Language:PowerShell 0

• Accelerynt-Security / AS-Azure-AD-Disable-User

  Disable Azure AD user accounts from Microsoft Sentinel incidents

  azure-active-directorymicrosoft-sentinel

• Accelerynt-Security / AS-Azure-AD-Enable-User

  Enable Azure AD user accounts from Microsoft Sentinel incidents

  azure-active-directorymicrosoft-sentinel

• Accelerynt-Security / AS-Block-GitHub-User

  Block GitHub users from Microsoft Sentinel incidents

  github-apiincident-responsemicrosoft-sentinel
  Language:JavaScript

• Accelerynt-Security / AS-Block-Hash-in-Defender

  Block File Hashes found in Microsoft Sentinel Incidents in Defender

  incident-responsemicrosoft-defendermicrosoft-sentinelsha256-hash

• Accelerynt-Security / AS-Disable-Azure-AD-User-From-Entity

  Disable Azure AD user accounts from Microsoft Sentinel account entities

  azure-adentityentra-idmicrosoft-sentinel

• Accelerynt-Security / AS-Edgescan-Integration

  Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs

  edgescan-servicesmicrosoft-sentinel

• Accelerynt-Security / AS-Enable-Azure-AD-User-From-Entity

  Enable Azure AD user accounts from Microsoft Sentinel account entities

  azure-adentityentra-idmicrosoft-sentinel

• Accelerynt-Security / AS-Incident-Host-Exposure-Level

  Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents

  microsoft-defendermicrosoft-sentinel

• Accelerynt-Security / AS-Remove-Domains-from-Zscaler-URL-Category

  Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category

  microsoft-sentinelurl-categoryzscaler

• Accelerynt-Security / AS-Revoke-Azure-AD-User-Session-From-Entity

  Revoke Entra ID user sessions from Microsoft Sentinel entities

  entra-idmicrosoft-sentinel

• Accelerynt-Security / AS-Sign-Out-Google-User

  Sign out Google users from Microsoft Sentinel incidents

  google-apimicrosoft-sentinel
  Language:Python

• ITPG-Security / Firewall-Blocker

  App to ingest Threat Intelligence (TI) into a Firewall

  csharpdotnetmicrosoft-sentinelsonicwallthreat-intelligence
  Language:C#