Atomic Red Team Sentinel Workbook
This workbook helps you assess your Microsoft Sentinel Analytics Detection coverage against a threat actor/profile. Furthermore, this tool enables defenders to start aligning their Sentinel day-to-day SOC operations with the MITRE ATT&CK framework.
Microsoft Sentinel CALDERA Playbook and Workbook
Microsoft Sentinel: Using Custom Logs and DNSTwist to Monitor Malicious Similar Domains
In this article, we are going to explore how to monitor similar domains to yours, in order to protect your users from being victims of social engineering attacks.
Filebeat Logstash to Microsoft Sentinel
Microsoft Defender For Cloud: Attack Paths Microsoft Sentinel Workbook
This Microsoft Sentinel Workbook offers a comprehensive visual representation of the attack paths identified by Microsoft Defender for Cloud. Through intuitive graphs, charts, and color-coded indicators, users can quickly assess the severity and nature of attacks, enabling timely and informed decision-making.
Automated Threat-Informed Defense Assessment Tool
Azure Security Center and Security Hygiene: Small Steps, Big Impact
"Great things are done by a series of small things brought together." - Vincent Van Gogh
Defender For Endpoint Alerts 2 Sentinel Log Analytics Workspace
Fusion: Unified MITRE ATT&CK Navigation Layer Script
This Python script automates the collection of MITRE ATT&CK navigation layers and combines them into a single unified navigation layer. It is designed to help cybersecurity professionals and researchers easily aggregate tactics, techniques, and procedures (TTPs) from multiple sources, facilitating a comprehensive overview of attack patterns and behaviors.
Insider Threat TTP Knowledge Base - Microsoft Sentinel Coverage
It is a Python script designed to bridge a crucial gap in cybersecurity defense mechanisms, specifically in the integration between Microsoft Sentinel SIEM (Security Information and Event Management) and the MITRE ATT&CK Insider Threat TTP Knowledge Base v2.
How to develop a MITRE ATT&CK Microsoft Copilot bot, Integrate it with Teams and Monitor it with Microsoft Sentinel.
Introduction
Microsoft Defender XDR and CISA KEV Mapping Tool
Overview
Microsoft Sentinel SIGMA Rules Workbook
This workbook helps you assess your Microsoft Sentinel Analytics Detection coverage against a threat actor/profile. Furthermore, this tool enables defenders to start aligning their Sentinel day-to-day SOC operations with the MITRE ATT&CK framework.
Microsoft Sentinel SOC Optimization Report Generator
The Microsoft Sentinel SOC Optimization Report Generator is a tool designed to automate the creation of SOC optimization reports. It leverages Microsoft Sentinel's recommendations to help organizations close coverage gaps against specific threats and fine-tune data ingestion, ensuring a focus on security-relevant information for improved threat detection and SOC efficiency.
Microsoft Sentinel SOC Optimization TTP Aligner
Overview
Microsoft Sentinel: Process Hollowing T1055.012 Analysis
In this article, we are going to explore a technique called Process Hollowing.
Sentinel 2 D3FEND
Sentinel 2 ATT&CK Flow
Enhancing ATT&CK Flow Diagrams with Microsoft Sentinel Detection Insights!
Sentinel2ATTACKv2
Sentinel2ATTACKv2 is a Python script designed for cybersecurity professionals and organizations utilizing Microsoft Sentinel as their SIEM (Security Information and Event Management) solution. This tool addresses a pivotal need within the cybersecurity ecosystem: the extraction of Techniques, Tactics, and Procedures (TTPs) from alerts generated by Microsoft Sentinel and the subsequent generation of a MITRE ATT&CK navigation layer. This functionality fills a significant gap in current capabilities, providing users with actionable insights into their security posture relative to the comprehensive threat models defined by the MITRE ATT&CK framework.
Sentinel2Attack
This Python code snippet extracts MITRE Framework techniques from: