Skip to content

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

License

Notifications You must be signed in to change notification settings

EbryxLabs/sentinel-attack

This branch is 24 commits behind netevert/sentinel-attack:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

3658370 · Nov 6, 2020
Jul 23, 2020
Nov 6, 2020
Jun 11, 2020
Jul 17, 2020
Jul 11, 2020
Jun 21, 2020
Feb 21, 2020
Aug 6, 2019
Aug 7, 2019
Mar 3, 2020
Jul 23, 2020
Jul 10, 2020
Jun 3, 2020

Repository files navigation

Icon

GitHub release Maintenance PRs Welcome

Deploy to Azure

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel.

DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment.

demo

Overview

Sentinel ATT&CK provides the following tools:

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found here and here.

Contributing

As this repository is constantly being updated and worked on, if you spot any problems we warmly welcome pull requests or submissions on the issue tracker.

Authors and contributors

Sentinel ATT&CK is built with ❤ by:

  • Edoardo Gerosa Twitter Follow

Special thanks go to the following contributors:

About

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HCL 54.1%
  • PowerShell 45.9%