hid-examples
Azure-Sentinel
Our great sponsors
| hid-examples | Azure-Sentinel | |
|---|---|---|
| 1 | 37 | |
| 242 | 4,271 | |
| - | 3.9% | |
| 5.1 | 10.0 | |
| 6 months ago | 6 days ago | |
| Haskell | Jupyter Notebook | |
| BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hid-examples
-
StateT transformer with traverse
I am reading Haskell in Depth from manning. I am trying to understand the following code, which you can find on Github here. I have edited the file a bit to remove the unnecessary parts.
Azure-Sentinel
- Playbook/Guide for responding to specific incident
-
Create Sentinel Incident through MS Forms and Automate?
Azure-Sentinel/Playbooks/CreateIncident-SharedMailbox at master · Azure/Azure-Sentinel · GitHub
-
Correlate what tables/logs/connectors are being used by active analytics (detection's)
They recently reorganized the GitHub: https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/LogSourcesAndAnalyticRulesCoverage.json
-
Threat Hunting
Have you checkout out the azure playbook templates? https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks
-
Message patterns for AzureFirewallNetworkRule log category
The best option I could find so far is inferring the format by reading the source code at https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/AzureFirewall/AzureFirewallNetworkRule.kql.
-
What are some good custom detection rules for Sentinel?
There is a ton on Github. Have a look here -> https://github.com/Azure/Azure-Sentinel/wiki
-
Alert rules for Active Directory domain controllers hosted in Azure
Also see the Sentinel repository on GitHub for a ton of queries to reference: https://github.com/Azure/Azure-Sentinel
-
Playbooks
All the json files are stored in MS Sentinels github repo: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks. You do not need to export them yourself. You can copy the raw json file from the repository.
- Use Case automation
-
Converting syslog to CEF format for Sentinel ingestion
here you can find various other types: https://github.com/Azure/Azure-Sentinel/tree/master/Parsers
What are some alternatives?
parconc-examples - Sample code to accompany the book "Parallel and Concurrent Programming in Haskell"
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
require - 🔌 Scrap your qualified import clutter
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
status-notifier-item - A Haskell implementation of the StatusNotifierItem protocol (https://www.freedesktop.org/wiki/Specifications/StatusNotifierItem/).
CyberThreatHunting - A collection of resources for Threat Hunters - Sponsored by Falcon Guard
hdiff - Hash-based Diffing for AST's
cybersecurity-resources - Resources for learning about cybersecurity and CTFs
no-role-annots - Role annotations without -XRoleAnnotations
azure-docs - Open source documentation of Microsoft Azure
h4cker - This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.