Awesome Open Source
Awesome Open Source

Icon

GitHub release Maintenance PRs Welcome

Deploy to Azure

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel.

DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment.

demo

Overview

Sentinel ATT&CK provides the following tools:

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found here and here.

Contributing

As this repository is constantly being updated and worked on, if you spot any problems we warmly welcome pull requests or submissions on the issue tracker.

Authors and contributors

Sentinel ATT&CK is built with ❤ by:

  • Edoardo Gerosa Twitter Follow

Special thanks go to the following contributors:


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
security-tools (404
logging (398
hcl (372
azure (367
detection (238
cybersecurity (169
threat-hunting (67
mitre-attack (29
siem (27
blue-team (15