MITRE ATT&CK for Azure Sentinel
This folder contains resources for generating MITRE ATT&CK coverage maps for Azure Sentinel and other solutions in the Microsoft Threat Protection portfolio.
Jupyter Notebook: open `MITRE ATT&CK for Azure Sentinel.ipynb` via the nbviewer badge.
Raw CSV file of Azure Sentinel detections and hunting queries (`AzureSentinel.csv`), read directly from GitHub with the KQL below. The query pulls from the `master` branch, so the data is live and may change between runs; pin the URL to a specific commit if you need reproducible coverage reports.
KQL Query:
// Azure Sentinel detection / hunting-query catalogue, read at query time from
// the repository's sample-data CSV. Every column is declared here explicitly,
// in file order, and typed as string (parse QueryFrequency, QueryPeriod,
// TriggerThreshold and IngestedDate downstream if you need numbers/timespans).
// Presumably the headerless variant of the CSV is used here, given the sibling
// `-with-Headers.csv` file — verify before relying on the first row.
// NOTE(review): the URL points at the mutable `master` branch, so the content
// is neither fixed nor integrity-checked; pin to a commit SHA for reproducible
// or audited results.
// NOTE(review): `DetctionUrl` is misspelled but left unchanged because it is
// the column name consumers of this table will see.
let SentinelGithub = (
    externaldata(
        MITREMatrix: string,
        Tactic: string,
        TechniqueId: string,
        TechniqueName: string,
        Platform: string,
        DetectionType: string,
        DetectionService: string,
        DetectionId: string,
        DetectionName: string,
        DetectionDescription: string,
        ConnectorId: string,
        DataTypes: string,
        Query: string,
        QueryFrequency: string,
        QueryPeriod: string,
        TriggerOperator: string,
        TriggerThreshold: string,
        DetectionSeverity: string,
        DetctionUrl: string,
        IngestedDate: string
    )
    [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/MITRE%20ATT%26CK/AzureSentinel.csv"]
);
SentinelGithub
Raw CSV file of alerts from Microsoft Threat Protection portfolio services (`MSFTAlerts.csv`), read directly from GitHub with the KQL below. As above, the query reads from the `master` branch, so the data may change between runs.
KQL Query:
// Alert catalogue for the Microsoft Threat Protection portfolio services,
// read at query time from the repository's sample-data CSV. Columns are
// declared in file order and all typed as string.
// NOTE(review): the URL points at the mutable `master` branch, so the content
// is neither fixed nor integrity-checked; pin to a commit SHA for reproducible
// or audited results.
let MSFTServices = (
    externaldata(
        Alert: string,
        Description: string,
        Tactics: string,
        Severity: string,
        Provider: string,
        DetectionService: string
    )
    [@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Sample%20Data/MITRE%20ATT%26CK/MSFTAlerts.csv"]
);
MSFTServices