Sentinel-Attack : Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

Sentinel ATT&CK provides the following tools:

An ARM template to automatically deploy Sentinel ATT&CK to your Azure environment
A Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniques
A Sysmon log parser mapped against the OSSEM data model
117 ready-to-use Kusto detection rules covering 156 ATT&CK techniques
A Sysmon threat hunting workbook inspired by the Threat Hunting App for Splunk to help simplify threat hunts
A Terraform script to provision a lab to test Sentinel ATT&CK
Comprehensive guidance to help you use the materials in this repository

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

R K

LitterBox : The Ultimate Sandbox Environment For Malware Testing And Red Team Operations

Your malware's favorite sandbox - where red teamers come to bury their payloads. A sandbox…

4 hours ago

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new…

4 hours ago

This article delves into our comprehensive training program designed to teach you the intricacies of…

4 hours ago

BloodHound.py is a Python based ingestor for BloodHound, based on Impacket. The code in this…

4 hours ago

In 2025 I wanted to try something new. In addition to a traditional 100 days…

3 days ago

presenterm lets you create presentations in markdown format and run them from your terminal, with…

3 days ago