Sentinel-Attack : Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

Overview

Sentinel ATT&CK provides the following tools:

An ARM template to automatically deploy Sentinel ATT&CK to your Azure environment
A Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniques
A Sysmon log parser mapped against the OSSEM data model
117 ready-to-use Kusto detection rules covering 156 ATT&CK techniques
A Sysmon threat hunting workbook inspired by the Threat Hunting App for Splunk to help simplify threat hunts
A Terraform script to provision a lab to test Sentinel ATT&CK
Comprehensive guidance to help you use the materials in this repository

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

Related

Azure AD Attack & Defense Playbook

September 27, 2023

In "Cyber security"

ThreatHunting : A Splunk App Mapped To MITRE ATT&CK

August 13, 2019

In "Kali Linux"

Protecting Kubernetes Deployments with Azure Sentinel

January 12, 2023

In "Cyber security"

R K

Next Nipe : An Engine To Make Tor Network Your Default Gateway »

Previous « AzureRT : A Powershell Module Implementing Various Azure Red Team Tactics

Leave a Comment

Share

Published by

R K

Tags: Azure SentinelMITRE ATT&CKSentinel-AttackSysmon

4 years ago

Recent Posts

Cyber security

Cyberattack or Smoke and Mirrors? The Truth Behind the Alleged Dimona Nuclear Breach

In a recent cyber incident, a group named CARDINAL, associated with the label Russian Legion,…

4 hours ago

OSINT

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

4 days ago

Top 10 Series

Best Linux Distros in 2026

Linux is renowned for its versatility, open-source nature, and security. Whether you're a beginner, developer,…

4 days ago

Cyber security

Top 10 Cyber Insurance Companies in 2026

Cyber insurance helps businesses and individuals mitigate financial losses from data breaches, ransomware, extortion, legal…

4 days ago

Cyber security

Ransomware Incident Response

Ransomware is one of the most dangerous and destructive forms of cybercrime today. With cybercriminals…

4 days ago

TECH

Best Social Media Search Engines and Tools for 2026

Social media is a key part of our daily lives, with millions of users sharing…

4 days ago

L