The script is used in this demo where I setup Azure Sentinel (SIEM) and connect it to a live virtual machine acting as a honey pot. We will observe live attacks (RDP Brute Force) from all around the world. I will use a custom PowerShell script to look up the attackers Geolocation information and plot it on an Azure Sentinel Map!
- PowerShell: Extract RDP failed logon logs from Windows Event Viewer
- ipgeolocation.io: IP Address to Geolocation API
