December 25, 2019

272 words 2 mins read

BlueTeamLabs/sentinel-attack

BlueTeamLabs/sentinel-attack

Repository of sentinel alerts and hunting queries leveraging sysmon and the MITRE ATT&CK framework

repo name BlueTeamLabs/sentinel-attack
repo link https://github.com/BlueTeamLabs/sentinel-attack
homepage
language HCL
size (curr.) 34668 kB
stars (curr.) 344
created 2019-05-30
license MIT License

Icon

Maintenance GitHub release PRs Welcome

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel.

DISCLAIMER: This tool is not a magic bullet. It will require tuning and real investigative work to be truly effective in your environment.

demo

Overview

Sentinel ATT&CK provides the following set of tools:

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found here and here.

Contributing

As this repository is constantly being updated and worked on, if you spot any problems we warmly welcome pull requests or submissions on the issue tracker.

Authors and contributors

Sentinel ATT&CK is built with ❤ by:

  • Edoardo Gerosa Twitter Follow

Special thanks go to the following contributors:

comments powered by Disqus