Azure-Sentinel
CyberThreatHunting
Our great sponsors
Azure-Sentinel | CyberThreatHunting | |
---|---|---|
37 | 1 | |
4,179 | 781 | |
5.8% | - | |
10.0 | 4.3 | |
6 days ago | 4 months ago | |
Jupyter Notebook | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Azure-Sentinel
- Playbook/Guide for responding to specific incident
-
Alert rules for Active Directory domain controllers hosted in Azure
Also see the Sentinel repository on GitHub for a ton of queries to reference: https://github.com/Azure/Azure-Sentinel
-
Converting syslog to CEF format for Sentinel ingestion
here you can find various other types: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers
-
Installed Graylog. 7 million log entries per month. Now what?
Depending on whether this is up your alley either look for a MSSP/MDR/Managed BlaBla provider or head on to - https://github.com/splunk/security_content - https://www.elastic.co/guide/en/security/current/prebuilt-rules.html - https://github.com/mdecrevoisier/SIGMA-detection-rules - https://github.com/Azure/Azure-Sentinel to get an idea of what to look for. MITRE ATT&CK and the related DETT&CT should serve as an additional eye opener. Ah yes - forgot the bible on log management from Anton Chuvakin in the above list.
- Any good threat hunting resources? Looking for query libraries.
-
MSP SIEM Solution
Projects to look into: https://github.com/Azure/Azure-Sentinel https://github.com/Azure/Azure-Sentinel-Notebooks
CyberThreatHunting
What are some alternatives?
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
hid-examples - Examples to accompany the book "Haskell in Depth"
cybersecurity-resources - Resources for learning about cybersecurity and CTFs
azure-docs - Open source documentation of Microsoft Azure
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
aws-customer-playbook-framework - This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
aws-incident-response-playbooks-workshop
ThreatHunting_with_Osquery - Threat Hunting & Incident Investigation with Osquery
AzureHunter - A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
Azure-Sentinel-Notebooks - Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
Graylog_3.0_Content_Pack_Active_Directory_Auditing