A containerized Logstash ready to send data to Log Analytics or Event Hub
Updated
Jan 24, 2021
This project is used to convert Azure Sentinel rules to Excel
Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule). It looks for 4 known IOCs related to the Kaseya attack
Threat-Hunting KQL query which identifies machines that use PowerShell, cmd or wmic to connect to any URL that includes "cdn.discordapp.com", where the action was initiated by a script execution (.vbs, .bat etc.)
Azure ARM (bicep) template for deploying a high availability syslog/CEF forwarder setup using Azure VMs.
Microsoft related PowerShell scripts and KQL queries
Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.
Collection of Azure Sentinel - Analytics Rules (Template)
Collection of Azure Sentinel - Playbook | Logic App (Template)
Collection of Azure Monitor or Sentinel Kusto Queries
Repository with Sample KQL Query examples for Threat Hunting
Azure related content
A technical blog about Kusto
AutoClosing-SAMPLEALERT-FromMDfC
This repository provides summarization Schedule Analytics Rules in Sentinel Incident
This Repository provides notification to Microsoft Teams by Adaptive Card.
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK