Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel.
DISCLAIMER: This tool requires tuning and investigative trialling to be truly effective in a production environment.
Sentinel ATT&CK provides the following tools:
Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.
This repository is constantly being updated and worked on, so if you spot any problems we warmly welcome pull requests or submissions on the issue tracker.
Sentinel ATT&CK is built with ❤ by:
Special thanks go to the following contributors: