Azure related content

Microsoft Sentinel Custom Content

This Repository provides notification to Microsoft Teams by Adaptive Card.

MaxMind Geo and ASN Data for Kusto

This repository offers tools and scripts for mapping and visualizing Microsoft Sentinel data. It includes utilities for extracting, analyzing, and presenting security information from Sentinel, helping to create detailed security maps and dashboards for improved threat analysis.

Terraform modules for deploying and managing Azure workbooks.

Sentinal capabilities implemented

KQL Local Manager, allows you to manage and organize KQL Queries in a central Database.

Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule).It's looking for 4 known IOCs related to the Kaseya attack

AutoClosing-SAMPLEALERT-FromMDfC

This repository provides summarization Schedule Analytics Rules in Sentinel Incident

Threat-Hunting KQL query which identifies machines that utilize powershell, cmd or wmic to connect to any URL that includes “cdn.discordapp.com” ,where the action was initiated by a script execution ( .vbs , .bat etc)

Collection of Azure Sentinel - Analytics Rules (Template)

My KQL queries :) Feel free to use and improve them.

This repository provides a comprehensive guide and scripts for setting up and managing Microsoft Sentinel. It includes step-by-step instructions and automation tools for configuring Sentinel, integrating data sources, and creating security alerts and dashboards for enhanced threat detection.

Microsoft related PowerShell scripts and KQL queries

A containerized Logstash ready to send data to Log Analytics or Event Hub

This project used for convert azure sentinel rules to excel

Microsoft Sentinel / Azure Open AI 演習のレポジトリです。