Atomic Red Team Sentinel Workbook
This workbook helps you assess your Microsoft Sentinel Analytics detection coverage against a threat actor or profile. It also helps defenders start aligning their day-to-day Sentinel SOC operations with the MITRE ATT&CK framework.
Microsoft Sentinel CALDERA Playbook and Workbook
Microsoft Sentinel: Using Custom Logs and DNSTwist to Monitor Malicious Similar Domains
In this article, we explore how to monitor domains that look similar to yours, in order to protect your users from falling victim to social engineering attacks.
Filebeat Logstash to Microsoft Sentinel
Filebeat Logstash to Azure Sentinel
Microsoft Defender For Cloud: Attack Paths Microsoft Sentinel Workbook
This Microsoft Sentinel Workbook offers a comprehensive visual representation of the attack paths identified by Microsoft Defender for Cloud. Through intuitive graphs, charts, and color-coded indicators, users can quickly assess the severity and nature of attacks, enabling timely and informed decision-making.
Automated Threat-Informed Defense Assessment Tool
Azure Security Center and Security Hygiene: Small Steps, Big Impact
“Great things are done by a series of small things brought together.” - Vincent Van Gogh
Defender For Endpoint Alerts 2 Sentinel Log Analytics Workspace
Fusion: Unified MITRE ATT&CK Navigation Layer Script
This Python script automates the collection of MITRE ATT&CK navigation layers and combines them into a single unified navigation layer. It is designed to help cybersecurity professionals and researchers easily aggregate tactics, techniques, and procedures (TTPs) from multiple sources, facilitating a comprehensive overview of attack patterns and behaviors.
Insider Threat TTP Knowledge Base - Microsoft Sentinel Coverage
This Python script is designed to bridge a crucial gap in cybersecurity defense mechanisms, specifically in the integration between Microsoft Sentinel SIEM (Security Information and Event Management) and the MITRE ATT&CK Insider Threat TTP Knowledge Base v2.
How to develop a MITRE ATT&CK Microsoft Copilot bot, Integrate it with Teams and Monitor it with Microsoft Sentinel.
Microsoft Sentinel SIGMA Rules Workbook
This workbook helps you assess your Microsoft Sentinel Analytics detection coverage against a threat actor or profile. It also helps defenders start aligning their day-to-day Sentinel SOC operations with the MITRE ATT&CK framework.
Microsoft Sentinel: Process Hollowing T1055.012 Analysis
In this article, we are going to explore a technique called Process Hollowing.
Sentinel 2 D3FEND
Sentinel 2 ATT&CK Flow
Enhancing ATT&CK Flow Diagrams with Microsoft Sentinel Detection Insights!
Sentinel2ATTACKv2
Sentinel2ATTACKv2 is a Python script designed for cybersecurity professionals and organizations utilizing Microsoft Sentinel as their SIEM (Security Information and Event Management) solution. This tool addresses a pivotal need within the cybersecurity ecosystem: the extraction of Techniques, Tactics, and Procedures (TTPs) from alerts generated by Microsoft Sentinel and the subsequent generation of a MITRE ATT&CK navigation layer. This functionality fills a significant gap in current capabilities, providing users with actionable insights into their security posture relative to the comprehensive threat models defined by the MITRE ATT&CK framework.
Sentinel2Attack
This Python code snippet extracts MITRE Framework techniques from: