Azure-Sentinel
| | Azure-Sentinel | Graylog_3.0_Content_Pack_Active_Directory_Auditing |
|---|---|---|
| Mentions | 37 | 2 |
| Stars | 4,259 | 17 |
| Growth | 3.6% | - |
| Activity | 10.0 | 0.0 |
| Last commit | 6 days ago | about 5 years ago |
| Language | Jupyter Notebook | |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Azure-Sentinel
- Playbook/Guide for responding to specific incident
- Create Sentinel Incident through MS Forms and Automate?
Azure-Sentinel/Playbooks/CreateIncident-SharedMailbox at master · Azure/Azure-Sentinel · GitHub
- Correlate what tables/logs/connectors are being used by active analytics (detections)
They recently reorganized the GitHub: https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/LogSourcesAndAnalyticRulesCoverage.json
- Threat Hunting
Have you checked out the Azure playbook templates? https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks
- Message patterns for AzureFirewallNetworkRule log category
The best option I could find so far is inferring the format by reading the source code at https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/AzureFirewall/AzureFirewallNetworkRule.kql.
- What are some good custom detection rules for Sentinel?
There is a ton on GitHub. Have a look here -> https://github.com/Azure/Azure-Sentinel/wiki
- Alert rules for Active Directory domain controllers hosted in Azure
Also see the Sentinel repository on GitHub for a ton of queries to reference: https://github.com/Azure/Azure-Sentinel
- Playbooks
All the JSON files are stored in MS Sentinel's GitHub repo: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks. You do not need to export them yourself. You can copy the raw JSON file from the repository.
- Use Case automation
- Converting syslog to CEF format for Sentinel ingestion
Here you can find various other types: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers
Graylog_3.0_Content_Pack_Active_Directory_Auditing
- Installed Graylog. 7 million log entries per month. Now what?
Then you can go about making dashboards for high-level information around the logs you are collecting. They used to have awesome ones in their marketplace but have since removed them for some reason. Here is a reference to one of them: https://github.com/aydnyldrm/Graylog_3.0_Content_Pack_Active_Directory_Auditing
- Using Repadmin To Detect Active Directory Changes
What are some alternatives?
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
security_content - Splunk Security Content
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
hid-examples - Examples to accompany the book "Haskell in Depth"
CyberThreatHunting - A collection of resources for Threat Hunters - Sponsored by Falcon Guard
cybersecurity-resources - Resources for learning about cybersecurity and CTFs
azure-docs - Open source documentation of Microsoft Azure
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
aws-customer-playbook-framework - This repository provides sample templates for security playbooks against various scenarios when using Amazon Web Services.
aws-incident-response-playbooks-workshop
Azure-Sentinel-Notebooks - Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
SIGMA-detection-rules - Set of SIGMA rules (>320) mapped to MITRE ATT&CK tactic and techniques