This code snippet retrieves Azure Sentinel rules that are mapped to the MITRE ATT&CK framework and generates the related MITRE D3FEND defenses.
☆74 · Jun 28, 2021 · Updated 4 years ago
Alternatives and similar repositories for Sentinel2D3FEND
Users that are interested in Sentinel2D3FEND are comparing it to the libraries listed below
- (no description) ☆12 · Jul 15, 2022 · Updated 3 years ago
- High-level Threat Intelligence playbooks ☆20 · Mar 6, 2021 · Updated 4 years ago
- (no description) ☆14 · Mar 5, 2021 · Updated 4 years ago
- Ingesting Shodan Monitor Alerts to Microsoft Sentinel ☆34 · Sep 19, 2023 · Updated 2 years ago
- (no description) ☆18 · Jul 13, 2022 · Updated 3 years ago
- Integration tools for TheHive and Azure Sentinel ☆13 · Sep 23, 2020 · Updated 5 years ago
- Sentinel Analytics Rule converter PowerShell module ☆65 · Updated this week
- (no description) ☆14 · Feb 22, 2021 · Updated 5 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr… ☆62 · Jul 27, 2025 · Updated 7 months ago
- Send High & New Incidents to The Hive incident management Platform ☆18 · Feb 13, 2021 · Updated 5 years ago
- Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a… ☆21 · Oct 25, 2023 · Updated 2 years ago
- A collection of content for blue team professionals, designed to support both reactive and proactive cybersecurity measures of every aspe… ☆33 · Oct 24, 2025 · Updated 4 months ago
- Collects a listing of MITRE ATT&CK Techniques, then discovers Splunk ESCU detections for each technique ☆69 · Mar 17, 2024 · Updated last year
- A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD ☆10 · Nov 7, 2023 · Updated 2 years ago
- Workbooks for Azure Sentinel ☆63 · Aug 14, 2023 · Updated 2 years ago
- Serverless AWS application to upload and hash evidence files. ☆23 · Oct 26, 2022 · Updated 3 years ago
- PowerShell Script to facilitate the processing of SRUM data for on-the-fly forensics and if needed threat hunting ☆23 · Oct 26, 2019 · Updated 6 years ago
- Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more. ☆115 · Jan 18, 2026 · Updated last month
- (no description) ☆24 · Apr 16, 2019 · Updated 6 years ago
- Transform EQL detection rules to VQL artifacts ☆12 · Nov 12, 2021 · Updated 4 years ago
- Resources for SANS CTI Summit 2021 presentation ☆104 · Nov 8, 2023 · Updated 2 years ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ☆118 · Nov 28, 2023 · Updated 2 years ago
- A library for fast parse & import of Windows Master File Table ($MFT) into Elasticsearch. ☆12 · Jun 23, 2025 · Updated 8 months ago
- Sentinel Recon Tools Workbook ☆14 · Aug 24, 2022 · Updated 3 years ago
- (no description) ☆11 · Aug 3, 2018 · Updated 7 years ago
- A collection of assets I created to help improve security and governance operations for Azure environments ☆10 · Apr 7, 2021 · Updated 4 years ago
- A PowerShell incident response script for quick triage ☆81 · Jul 18, 2022 · Updated 3 years ago
- Azure Function for the Microsoft Sentinel Triage AssistanT (STAT) ☆15 · Dec 17, 2025 · Updated 2 months ago
- (no description) ☆10 · Aug 21, 2024 · Updated last year
- Various tools for Microsoft Sentinel ☆32 · Jun 26, 2025 · Updated 8 months ago
- Azure OpenAI Playbook created for Microsoft Sentinel ☆13 · May 2, 2024 · Updated last year
- Splunk TA for alert action to TheHive-project ☆11 · May 13, 2020 · Updated 5 years ago
- Registry to JSON. This project is for learning purposes and is not maintained. ☆12 · Dec 28, 2021 · Updated 4 years ago
- Custom Python script to perform Yara matching in Cortex XDR ☆14 · May 18, 2021 · Updated 4 years ago
- Scripts and tools created for appx analysis talk (Magnet Summit 2019) ☆19 · Feb 26, 2024 · Updated 2 years ago
- Converts Sigma detection rules to a Splunk alert configuration. ☆12 · Jul 1, 2021 · Updated 4 years ago
- An extendable tool to extract and aggregate IoCs from threat feeds ☆33 · Feb 6, 2024 · Updated 2 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). ☆804 · Jan 14, 2026 · Updated last month