1ace136e82
|
||
|---|---|---|
| .. | ||
| gif | ||
| images | ||
| MITRE ATT&CK for Microsoft Sentinel.ipynb | ||
| MSFT-Builtin-Alerts.csv | ||
| README.md | ||
| config.json | ||
| msticpyconfig.yaml | ||
README.md
MITRE ATT&CK for Microsoft Sentinel
This folder has resources to generate MITRE ATT&CK coverage for Microsoft Sentinel and other Microsoft threat Protection Portfolio solutions.
Jupyter Notebook : Click on nbviewer Badge - 
Raw Csv file for Microsoft Sentinel Detections and hunting Queries
KQL Query:
let SentinelGithub = (externaldata(Tactic: string, TechniqueId: string, Platform: string, DetectionType: string, DetectionService: string, DetectionId: guid, DetectionName: string, DetectionDescription: string, ConnectorId: string, DataTypes: string, Query: string, QueryFrequency: string, QueryPeriod: string, TriggerOperator: string, TriggerThreshold: real, DetectionSeverity: string, DetectionUrl: string, IngestedDate: datetime)
[@"https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/MITREATT%26CK/MicrosoftSentinel.csv"] with (format="csv", ignoreFirstRecord=True)
);
SentinelGithub
Raw Csv file for Microsoft Threat Protection Portfolio Services
KQL Query
let MSFTBuiltinAlerts = (externaldata(Alert: string, Description: string, Tactics:string, Severity:string, Provider:string, DetectionService: string)
[@"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/MSFT-Builtin-Alerts.csv"] with (format="csv", ignoreFirstRecord=True)
);
MSFTBuiltinAlerts
Setup
Data Acquisition Github
Data Cleaning And Preprocessing
Data Scraping
Data Visualization
Jupyter Dataframe Widget
Heatmaps
RadarPlots
ATT&CK Navigator
DonutCharts
