Clone this wiki locally
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Microsoft Sentinel provides a platform for different data sources to come together. Different types of contributions like hunting, detection and investigation queries, automated workflows, visualizations, and much more can be built to use one or many of these data sources. These contributions enable relevant security insights for automated hunting, alerting, incident tracking, investigations and response experiences in Microsoft Sentinel.
Microsoft Sentinel Community provides a forum for the community members, aka, Threat Hunters, to join in and submit these contributions via GitHub Pull Requests or contribution ideas as GitHub Issues. These contributions can be just based on your idea of the value to enterprise your contribution provides or can be from the GitHub open issues list or even enhancements to existing contributions. Refer to the Get Started section to flow in your submissions and earn points and cool badges!
The Threat Hunters leaderboard is to recognize you for all your valuable contributions to this Microsoft Sentinel GitHub repository! Check out the leaderboard for the current top 20 Threat Hunters.
In addition to the leaderboard points, we have badges that you can level up to. There are three types of badges: Checkpoint badges, Achiever badges and Exclusive badges.
- The Checkpoint badges recognize the number of contributions made
- The Achiever badges are awarded as you progress and explore different contribution areas in Microsoft Sentinel. The list of Achiever badges is as follows:
- Baby Threat Hunter - Start by making a few contributions
- Threat Hunter on a roll - Make multiple contributions in a short time span
- Bug Hunter - Excel at Hunting query submissions
- Renaissance coder - Excel at all the contribution areas in Microsoft Sentinel
- Teach Yoda - Submit good suggestions on how we can improve Microsoft Sentinel
- Soaring in the Cloud - Microsoft Sentinel data connector master
- The Exclusive badges come out spontaneously and are available for a limited time - Keep an eye out for special Exclusive badges!
You can contribute any of the following to enhance Microsoft Sentinel end-to-end customer experiences. Mash up multiple Microsoft Sentinel data sources for enriched experiences.
The table in this section outlines the following information for each contribution type to get started.
- Value the specific contribution provides in Microsoft Sentinel
- Link to relevant product feature documentation that details the experience the contribution will enable
- Link to contribution guidance to help get you started on building out your contribution
- Additional resources to assist you in developing and validating your contributions
Functionally validate whether your contribution works by trying it out in Microsoft Sentinel. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, at the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines is enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions as needed.
After you have developed and tested your contribution works as expected, follow the general contribution guidelines for Microsoft Sentinel to open a Pull Request to submit your contribution. We will review your submission prior to merging your PR within 7 days.
We value your feedback. Here are some channels to help surface your questions or feedback:
- General product specific Q&A – Join in the Microsoft Sentinel Tech Community conversations
- Product specific feature requests – Upvote or post new on Microsoft Sentinel user voice
- Product specific bugs - File a Microsoft Sentinel support ticket
- Report content you'd like to see in this repo or bugs for content in this repo / contribution bugs – File a GitHub Issue using Bug template
- General feedback on community, content and contribution process – File a GitHub Issue using Feature Request template
We can connect on these Social Media channels as well: