Sentinel-Attack : Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

Overview

Sentinel ATT&CK provides the following tools:

• An ARM template to automatically deploy Sentinel ATT&CK to your Azure environment
• A Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniques
• A Sysmon log parser mapped against the OSSEM data model
• 117 ready-to-use Kusto detection rules covering 156 ATT&CK techniques
• A Sysmon threat hunting workbook inspired by the Threat Hunting App for Splunk to help simplify threat hunts
• A Terraform script to provision a lab to test Sentinel ATT&CK
• Comprehensive guidance to help you use the materials in this repository

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.