Sentinel-Attack : Tools To Rapidly Deploy A Threat Hunting Capability On Azure Sentinel

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel

Overview

Sentinel ATT&CK provides the following tools:

An ARM template to automatically deploy Sentinel ATT&CK to your Azure environment
A Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniques
A Sysmon log parser mapped against the OSSEM data model
117 ready-to-use Kusto detection rules covering 156 ATT&CK techniques
A Sysmon threat hunting workbook inspired by the Threat Hunting App for Splunk to help simplify threat hunts
A Terraform script to provision a lab to test Sentinel ATT&CK
Comprehensive guidance to help you use the materials in this repository

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

Related

Azure AD Attack & Defense Playbook

September 27, 2023

In "Cyber security"

ThreatHunting : A Splunk App Mapped To MITRE ATT&CK

August 13, 2019

In "Kali Linux"

Protecting Kubernetes Deployments with Azure Sentinel

January 12, 2023

In "Cyber security"

R K

Next Nipe : An Engine To Make Tor Network Your Default Gateway »

Previous « AzureRT : A Powershell Module Implementing Various Azure Red Team Tactics

Leave a Comment

Share

Published by

R K

Tags: Azure SentinelMITRE ATT&CKSentinel-AttackSysmon

4 years ago

Recent Posts

Tutorials

Best OSINT Tools for Journalists 2026: Verify Sources, Images and Claims

Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…

9 hours ago

How To

Install Docker on Ubuntu 20.04: Complete Step-by-Step Guide

Docker is an open-source platform that lets you package and run applications inside containers. Each container…

20 hours ago

How To

Install PostgreSQL on Ubuntu: Database Setup and Admin Guide

PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…

21 hours ago

How To

Install Xrdp Remote Desktop on Ubuntu: Setup and Connect

Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…

21 hours ago

How To

Tomcat 9 on Ubuntu 20.04: Install, Configure, and Start

Apache Tomcat is an open-source web server and Java servlet container. It is one of the…

21 hours ago

How To

Automatic Updates on Ubuntu: Set Up unattended-upgrades

Keeping your Ubuntu system updated is one of the best ways to protect it. Security…

22 hours ago

L