Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Перейти к файлу
Nathan Swift e4f07cfc3c New Playbook - Isolate-AzureVMtoNSG
This playbook will take host entites from triggered incident and search for matches in the enterprises subscriptions. An email for approval will be sent to isolate Azure VM. Upon approval a new NSG Deny All is created and applied to the Azure VM, The Azure VM is restarted to remove any persisted connections.
2020-03-18 02:29:39 -04:00
.azure-pipelines Add new PR validation - JSON file syntax (#467) 2020-02-04 11:23:49 +02:00
.github
.script update PR validation log message(#470) 2020-02-04 11:47:46 +02:00
.vscode Add infrastructure for PR validation (#456) 2020-01-30 15:47:21 +02:00
BYOML
Dashboards
DataConnectors add logo file 2020-02-12 17:27:06 -08:00
Detections Merge pull request #454 from jeffhoyo/patch-1 2020-01-27 06:20:41 -08:00
Exploration Queries Merge pull request #435 from Azure/addIotQuery 2020-02-11 10:36:38 -08:00
Functions
Hunting Queries Merge pull request #481 from Azure/LegAuth-SyntaxFix 2020-02-13 06:32:48 -08:00
Logos Add files via upload 2020-02-12 17:29:57 -08:00
Notebooks
Parsers Merge pull request #421 from GeneralFox/patch-1 2020-01-08 13:00:37 -08:00
Playbooks New Playbook - Isolate-AzureVMtoNSG 2020-03-18 02:29:39 -04:00
QueryLanguageSamples
Sample Data Merge pull request #477 from Zimperium/Zimperium_MTD 2020-02-11 13:57:40 -08:00
Workbooks change Json file names 2020-02-13 10:06:06 +02:00
docs
.gitignore Some fixups, ready to go now 2020-01-16 16:19:11 -08:00
CODEOWNERS Update CODEOWNERS 2020-02-13 16:38:48 -08:00
LICENSE
README.md Update README.md 2020-01-08 15:50:04 -05:00
azure-pipelines.yml Add new PR validation - JSON file syntax (#467) 2020-02-04 11:23:49 +02:00
package-lock.json Add infrastructure for PR validation (#456) 2020-01-30 15:47:21 +02:00
package.json Add infrastructure for PR validation (#456) 2020-01-30 15:47:21 +02:00
tsconfig.json fix tsconfig.json file (#416) 2019-12-19 02:36:56 +02:00

README.md

Azure Sentinel

Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, workbooks and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit to issues for any samples or resources you would like to see here as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com

Resources

Getting started with GitHub

Azure Sentinel documentation

Azure Sentinel Techcommunity

Azure Sentinel UserVoice Use this to request features to our product.

Security Community Webinars

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

For information on how to contribute, refer to the "how to contribute" guide on the project's wiki.