|
2 | 2 | []()
|
3 | 3 | [](http://makeapullrequest.com)
|
4 | 4 | [](https://2019.cloud-village.org/#talks?olafedoardo)
|
5 |
| -[](https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/SysmonThreatHunting.json) |
6 |
| - |
7 |
| -[](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FBlueTeamLabs%2Fsentinel-attack%2Fmaster%2Fazuredeploy.json) |
8 | 5 |
|
9 | 6 | Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and [MITRE ATT&CK](https://attack.mitre.org/) on Azure Sentinel.
|
10 | 7 |
|
11 | 8 | **DISCLAIMER:** This tool requires tuning and investigative trialling to be truly effective in a production environment.
|
12 | 9 |
|
13 |
| -  |
14 |
| - |
15 | 10 | ### Overview
|
16 | 11 | Sentinel ATT&CK provides the following tools:
|
17 |
| - - An [ARM template](https://github.com/BlueTeamToolkit/sentinel-attack/blob/master/azuredeploy.json) to automatically deploy Sentinel ATT&CK to your Azure environment |
18 |
| - - A [Sysmon log parser](https://github.com/BlueTeamToolkit/sentinel-attack/blob/master/parser/Sysmon-OSSEM.txt) mapped against the [OSSEM](https://github.com/Cyb3rWard0g/OSSEM) data model and compatible with the [Sysmon Modular XML configuration file](https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml) |
19 |
| - - 117 ready-to-use Kusto [detection rules](https://github.com/BlueTeamToolkit/sentinel-attack/tree/master/detections) covering 156 ATT&CK techniques |
20 |
| - - A [Sysmon threat hunting workbook](https://github.com/BlueTeamToolkit/sentinel-attack/tree/master/hunting) inspired by the [Threat Hunting App](https://splunkbase.splunk.com/app/4305/) for Splunk to help simplify threat hunts |
21 |
| - - Comprehensive guidance to help you use the materials in this repository |
| 12 | + - A [Sysmon log parser](https://github.com/netevert/sentinel-attack/blob/master/parser/Sysmon-OSSEM.txt) mapped against the [OSSEM](https://github.com/OTRF/OSSEM) data model and compatible with the [Sysmon Modular XML configuration file](https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml) |
| 13 | + - 117 ready-to-use Kusto [detection rules](https://github.com/netevert/sentinel-attack/tree/master/detections) covering 156 ATT&CK techniques |
22 | 14 |
|
23 | 15 | ### Usage
|
24 |
| -Head over to the [WIKI](https://github.com/BlueTeamLabs/sentinel-attack/wiki) to learn how to deploy and run Sentinel ATT&CK. |
| 16 | +Head over to the [WIKI](https://github.com/netevert/sentinel-attack/wiki) to learn how to deploy and run Sentinel ATT&CK. |
25 | 17 |
|
26 |
| -A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found [here](https://2019.cloud-village.org/#talks?olafedoardo) and [here](https://github.com/BlueTeamToolkit/sentinel-attack/tree/master/docs/DEFCON_attacking_the_sentinel.pdf). |
| 18 | +A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found [here](https://2019.cloud-village.org/#talks?olafedoardo) and [here](https://github.com/netevert/sentinel-attack/blob/master/docs/DEFCON_attacking_the_sentinel.pdf). |
27 | 19 |
|
28 | 20 | ### Contributing
|
29 |
| -As this repository is constantly being updated and worked on, if you spot any problems we warmly welcome pull requests or submissions on the issue tracker. |
| 21 | +This repository is work in progress, if you spot any problems we welcome pull requests or submissions on the issue tracker. |
30 | 22 |
|
31 | 23 | ### Authors and contributors
|
32 | 24 | Sentinel ATT&CK is built with ❤ by:
|
33 | 25 | - Edoardo Gerosa
|
34 |
| -[](https://twitter.com/netevert) |
| 26 | +[](https://twitter.com/edoardogerosa) |
35 | 27 |
|
36 | 28 | Special thanks go to the following contributors:
|
37 | 29 |
|
|
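Review bot: the Overview part of this hunk drops the ARM template, threat-hunting workbook and guidance bullets together with the "Deploy to Azure" and workbook badges, yet the unchanged lead-in `Sentinel ATT&CK provides the following tools:` now introduces only the parser and the detection rules, and the unchanged Usage line still points readers at the wiki "to learn how to deploy and run Sentinel ATT&CK". If `azuredeploy.json` and the `hunting` workbook still exist at the new location, re-point those bullets and badges at `netevert/sentinel-attack` the way the wiki, detections and PDF links in this commit already are; if they were removed on purpose, say so in Usage so the deployment reference is not left dangling. Two smaller points: changing the DEF CON PDF link from `tree/master` to `blob/master` is correct, since the target is a file and not a directory; and the new Contributing line is a comma splice, so suggest `This repository is a work in progress; if you spot any problems, we welcome pull requests or submissions on the issue tracker.`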