Ecosyste.ms: Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: microsoft-sentinel

ep3p/Sentinel_KQL

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Size: 3.5 MB - Last synced: about 3 hours ago - Pushed: about 18 hours ago - Stars: 92 - Forks: 19

briandelmsft/SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel

Language: PowerShell - Size: 46.4 MB - Last synced: 3 days ago - Pushed: 4 days ago - Stars: 196 - Forks: 54

cyb3rmik3/KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).

Size: 285 KB - Last synced: 19 days ago - Pushed: 19 days ago - Stars: 441 - Forks: 50

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity

Revoke Entra ID user sessions from Microsoft Sentinel entities

Size: 3.37 MB - Last synced: 22 days ago - Pushed: 22 days ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Incident

Revoke Entra ID user sessions from Microsoft Sentinel incidents

Size: 1.92 MB - Last synced: 22 days ago - Pushed: 22 days ago - Stars: 4 - Forks: 1

eshlomo1/Microsoft-Sentinel-SecOps

Microsoft Sentinel SOC Operations

Language: PowerShell - Size: 6.95 MB - Last synced: 20 days ago - Pushed: 8 months ago - Stars: 231 - Forks: 61

reversinglabs/reversinglabs-siem-rules

A collection of various SIEM rules relating to malware family groups.

Language: YARA - Size: 160 KB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 56 - Forks: 6

joelst/AzLighthouse

Managing Microsoft Sentinel with Azure Lighthouse

Language: PowerShell - Size: 73.2 KB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 0 - Forks: 0

ITPG-Security/Firewall-Blocker

App to ingest Threat Intelligence (TI) into a Firewall

Language: C# - Size: 98.6 KB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 0 - Forks: 0

Ditectrev/Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers

⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

Size: 16.1 MB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 1 - Forks: 8

EEN421/KQL-Queries

Ian Hanley's deceptively simple KQL queries.

Size: 124 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 38 - Forks: 7

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

Language: Jupyter Notebook - Size: 316 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 500 - Forks: 80

Accelerynt-Security/AS-Enable-Azure-AD-User-From-Entity

Enable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.33 MB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Disable-Azure-AD-User-From-Entity

Disable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.81 MB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Block-Hash-in-Defender

Block File Hashes found in Microsoft Sentinel Incidents in Defender

Size: 2.37 MB - Last synced: 4 months ago - Pushed: 4 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Sign-Out-Google-User

Sign out Google users from Microsoft Sentinel incidents

Language: Python - Size: 2.99 MB - Last synced: 9 months ago - Pushed: 9 months ago - Stars: 0 - Forks: 0

h0ffayyy/MicrosoftSentinelStuff

Misc. content for Microsoft Sentinel

Size: 302 KB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 15 - Forks: 4

Accelerynt-Security/AS-Block-GitHub-User

Block GitHub users from Microsoft Sentinel incidents

Language: JavaScript - Size: 2.12 MB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 1 - Forks: 0

h0ffayyy/SentinelDomainMonitor

Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics

Language: Python - Size: 469 KB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 0 - Forks: 0

timtim589/WorkspaceManager

This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.

Language: PowerShell - Size: 16.6 KB - Last synced: 12 months ago - Pushed: 12 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/Zscaler-add-Domains-to-URL-Category

Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category

Size: 3.05 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 1 - Forks: 0

Accelerynt-Security/AS-Remove-Domains-from-Zscaler-URL-Category

Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category

Size: 2.12 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAIQueryCheck

This repository provides summarization of Scheduled Analytics Rules in Sentinel Incidents

Size: 16.6 KB - Last synced: 12 months ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAI

This is a repository for Microsoft Sentinel / Azure OpenAI exercises.

Size: 298 KB - Last synced: 12 months ago - Pushed: about 1 year ago - Stars: 2 - Forks: 1

Accelerynt-Security/AS-Add-Machine-Logon-Users-to-Incident

Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment

Size: 1.51 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 6 - Forks: 2

Accelerynt-Security/AS-Edgescan-Integration

Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs

Size: 1.33 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

MartinPankraz/Security-Insights-2-Action

Content supporting the Microsoft hands-on at DSAG Technology Days March 2023

Size: 12.1 MB - Last synced: 11 months ago - Pushed: about 1 year ago - Stars: 1 - Forks: 0

h0ffayyy/sentinel-to-yaml

Convert Microsoft Sentinel rule templates to YAML

Language: Python - Size: 16.6 KB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 1 - Forks: 0

Ben4FH/Adaz-Sentinel (fork of christophetd/Adaz)

Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.

Language: HCL - Size: 4.16 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 2 - Forks: 0

Accelerynt-Security/AS-Incident-Account-Spiderfoot-Scan

Run Spiderfoot scans on account entities from Microsoft Sentinel incidents

Size: 1.34 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Incident-Host-Exposure-Level

Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents

Size: 851 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 1

hisashin0728/SentinelRule_AzureCISBenchmark

Microsoft Sentinel rules for Azure CIS Benchmark Ver.1.4.0

Size: 309 KB - Last synced: 12 months ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

hisashin0728/AADIDPCustomRuleForSentinel

Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel

Size: 16.6 KB - Last synced: 12 months ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Compromised-Machine-Tagging

Tag machines in Microsoft Defender from a Microsoft Sentinel Incident

Size: 751 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Okta-NetworkZoneUpdate

Add IPs from Microsoft Sentinel Incidents to an Okta Network Zone Blocklist

Size: 1020 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0