Cyber security

Sentinel Automation – Streamlining Security Operations With Enhanced Incident Management

This repository provides automation solutions for Microsoft Sentinel. The repository is focused on Logic Apps/Playbooks. The solutions are aimed to:

  • Enrich Incidents
  • Perform Incident Response Steps
  • Create new detections

Presenting this material as your own is illegal and forbidden. A reference to Twitter @BertJanCyber or Github @Bert-JanP is much appreciated when sharing or using the content.

How To Use The Automation Flows?

Automation Rule

Automation rules can be used to automatically run a playbook once an incident is created or changed.

  1. Go to Automation in Microsoft Sentinel.
  2. Create
  3. Automation Rule (or Playbook depending on trigger)
  4. Select your playbook
  5. Apply

Manual Trigger

After the first triage of an incident a security analyst may determine that more information is needed, Playbooks can be used to provide the analyst with this information.

There are different options to trigger the Playbook for execution, one is shown below.

  1. Open a Sentinel Incident
  2. Incident Actions
  3. Run Playbook
  4. Select the Playbook you want to run
  5. Run
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

10 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

12 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

14 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

14 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

14 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

1 day ago