
v0.4.0 — Sentinel detection depth


@ibondarenko1 ibondarenko1 released this 23 May 18:34

+7 Sentinel posture checks targeting the operational surfaces a real SOC engineer monitors weekly.

New Sentinel checks

  • Data connectors configured. With no connectors nothing is ingested, so no analytics rule can fire and detection coverage is structurally limited. P2 finding when the connector list is empty.
  • Workbooks deployed. Visibility dashboards over Sentinel data. Microsoft publishes 50+ free templates.
  • Hunting queries available. Proactive analyst layer above scheduled analytics rules.
  • Automation playbooks (Logic Apps). SOAR functionality for incident response automation.
  • Watchlists configured. Curated reference data (high-value assets, terminated employees, VIP users).
  • UEBA Entity Analytics enabled. Behavioral baseline scoring (requires Entra ID P2).
  • Threat Intelligence indicators. Sentinel TI feed ingestion (MISP, AlienVault OTX, MDTI).

Each finding carries a documentation_url pointing at the relevant Microsoft Learn article.
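As an added example (not code from this project), here is the shape one such posture check can take in PowerShell: a data-connector check that emits a P2 finding when the list is empty, with an injectable input so a Pester test can drive it from constructed data. The function and parameter names are hypothetical; the live path assumes the Az.SecurityInsights module (Get-AzSentinelDataConnector) and Pester 5, and the documentation URL is an assumed Learn article.

```powershell
# Added example, not the project's own code. Evaluates the "data connectors configured"
# posture check and returns a finding object in the style the release notes describe.
function Test-SentinelDataConnectors {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $WorkspaceName,
        # Injectable for tests and mocks; when omitted the live Az cmdlet is called.
        [object[]] $Connectors
    )
    if (-not $PSBoundParameters.ContainsKey('Connectors')) {
        # Assumes Az.SecurityInsights is installed and an Az context is signed in.
        $Connectors = @(Get-AzSentinelDataConnector -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName)
    }
    # No connectors means no telemetry reaches the workspace, so no analytics rule can fire.
    $severity = if ($Connectors.Count -eq 0) { 'P2' } else { 'INFO' }
    $message  = if ($severity -eq 'P2') {
        'No data connectors configured; detection coverage is structurally limited.'
    } else {
        "$($Connectors.Count) data connector(s) configured."
    }
    [pscustomobject]@{
        Check            = 'Sentinel.DataConnectors'
        Workspace        = $WorkspaceName
        Severity         = $severity
        ConnectorCount   = $Connectors.Count
        ConnectorKinds   = @($Connectors | ForEach-Object { $_.Kind } | Sort-Object -Unique)
        Message          = $message
        # Assumed Learn article for this check.
        DocumentationUrl = 'https://learn.microsoft.com/azure/sentinel/connect-data-sources'
    }
}

# Pester 5 tests over constructed input; no Azure call is made because -Connectors is supplied.
Describe 'Test-SentinelDataConnectors' {
    It 'raises a P2 finding when the workspace has no connectors' {
        $f = Test-SentinelDataConnectors -ResourceGroupName 'rg-soc' -WorkspaceName 'law-soc' -Connectors @()
        $f.Severity       | Should -Be 'P2'
        $f.ConnectorCount | Should -Be 0
    }
    It 'reports INFO and lists connector kinds when connectors exist' {
        $mock = @(   # constructed sample connectors
            [pscustomobject]@{ Name = 'AzureActiveDirectory'; Kind = 'AzureActiveDirectory' },
            [pscustomobject]@{ Name = 'Office365';            Kind = 'Office365' }
        )
        $f = Test-SentinelDataConnectors -ResourceGroupName 'rg-soc' -WorkspaceName 'law-soc' -Connectors $mock
        $f.Severity       | Should -Be 'INFO'
        $f.ConnectorKinds | Should -Be @('AzureActiveDirectory', 'Office365')
    }
}
```

Run the file with Invoke-Pester to execute the two tests; drop the -Connectors argument to evaluate a real workspace.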

End-to-end mock now produces 49 findings

Up from 42 in v0.3.0. Distribution: 2 P1, 9 P2, 22 P3, 16 INFO. The growing P3 count is expected — many Sentinel features are best-practice rather than critical-gap.

Test coverage

114 Pester tests passing.

Roadmap note

v0.5.0 will add 10 Defender O365 and 8 Defender for Cloud depth checks, together with a CI matrix (PS5.1, and PS7 on Windows/Linux/macOS) and Codecov integration. v0.6.0 adds documentation depth (walkthroughs, threat model, ADRs).