
Security Operations for Azure

Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management. Platform filter: Azure

Browse 24 security tools

Hands-on cloud security training labs for AWS, Azure, and Sentinel teams.

Add-on modules for the Seculyze platform that provide SSO, reporting, and encryption.

24/7 MDR SOC services leveraging Microsoft Sentinel and Defender platforms

Managed SOC service built on Microsoft Sentinel for CMMC compliance and Defense Industrial Base (DIB) security

SIEM/SOAR platform for threat detection, response automation, and compliance

AI-powered deception platform for cloud threat detection using honeytokens

Cloud-based log analytics & monitoring platform for app modernization

AI-powered SIEM for cloud security across Microsoft 365, Azure, AWS, and GCP

Cloud-based platform for search, observability, and security use cases

Cloud-native deception platform deploying dynamic security canaries

GraphSpy is a browser-based post-exploitation tool for Azure Active Directory (now Microsoft Entra ID) and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.

A honeypot specifically designed to detect and capture Log4Shell (CVE-2021-44228) exploitation attempts, with payload analysis and flexible logging capabilities.

BlueTeam.Lab provides Terraform and Ansible scripts to deploy an orchestrated detection laboratory for testing attacks and forensic artifacts in a SOC-like Windows environment.

msticpy is a Python library for InfoSec investigation and threat hunting in Jupyter Notebooks, providing data querying, threat intelligence enrichment, analysis capabilities, and interactive visualizations.

A portable Rust-based tool for acquiring volatile memory from Linux systems without requiring prior knowledge of the target OS distribution or kernel.

AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.

A forensics toolkit for collecting digital evidence from Google Cloud Platform, Microsoft Azure, and Amazon Web Services during incident response investigations.

A robust and flexible hunt and incident response tool for investigating AzureAD, Azure, and M365 environments.

A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.

A repository of sample security playbooks (Logic Apps) with ARM templates for Microsoft Sentinel that enable automated security orchestration and response.

A serverless application that creates and monitors fake HTTP endpoints as honeytokens to detect attackers, malicious insiders, and automated threats.
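As an added illustration of the honeytoken pattern this entry describes (example code written for this page, not code from the listed application, whose name the page does not give), the sketch below registers a few decoy URLs that no legitimate client should ever request, serves a believable but worthless response, records an alert for every hit, and flags a source that touches more than one decoy as enumeration. The decoy paths, the `Request`/`Alert`/`Response` shapes, and the sample requests are all constructed for this example; a real deployment would run `handle()` behind a serverless HTTP trigger and ship the alerts to a SIEM.

```python
"""Honeytoken HTTP endpoint monitor (added example, assumptions noted inline)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Decoy paths, constructed for this example. They are seeded where an
# attacker or insider would find them (configs, docs, listings); nothing
# legitimate links to them, so any request is suspicious by construction.
HONEYTOKEN_PATHS = {
    "/backup/prod-db.sql.gz": "backup",
    "/admin/.env": "secrets",
    "/api/v1/internal/keys": "api_keys",
}

# Plausible-looking bodies that carry no real data: a bare gzip header,
# a fake env file with decoy values, and an empty key list.
DECOY_BODIES = {
    "backup": b"\x1f\x8b\x08\x00" + b"\x00" * 12,
    "secrets": b"DB_PASSWORD=changeme\nAPI_KEY=decoy-0000\n",
    "api_keys": b'{"keys": []}',
}


@dataclass
class Request:            # assumed shape of an inbound HTTP request
    method: str
    path: str
    source_ip: str
    headers: dict = field(default_factory=dict)


@dataclass
class Alert:              # assumed shape of the record shipped to the SIEM
    timestamp: str
    token_kind: str
    path: str
    source_ip: str
    user_agent: str
    method: str


@dataclass
class Response:
    status: int
    body: bytes


def normalise_path(raw: str) -> str:
    """Strip the query string and collapse '//' and trailing '/' so
    scanner variants of a decoy URL still match the registered token."""
    path = raw.split("?", 1)[0]
    while "//" in path:
        path = path.replace("//", "/")
    if len(path) > 1:
        path = path.rstrip("/")
    return path


def handle(req: Request, alerts: list) -> Response:
    """Serve the request; append an Alert to `alerts` if it hit a decoy."""
    path = normalise_path(req.path)
    kind = HONEYTOKEN_PATHS.get(path)
    if kind is None:
        return Response(404, b"not found")
    alerts.append(Alert(
        timestamp=datetime.now(timezone.utc).isoformat(),
        token_kind=kind,
        path=path,
        source_ip=req.source_ip,
        user_agent=req.headers.get("User-Agent", "-"),
        method=req.method,
    ))
    return Response(200, DECOY_BODIES[kind])


def summarise(alerts: list) -> dict:
    """One source touching several distinct tokens is enumeration, a
    stronger signal than a single stray hit (which may be a crawler)."""
    kinds_by_source: dict = {}
    for a in alerts:
        kinds_by_source.setdefault(a.source_ip, set()).add(a.token_kind)
    return {ip: ("enumeration" if len(kinds) > 1 else "single-token")
            for ip, kinds in kinds_by_source.items()}


# Constructed traffic: two benign requests, one scanner enumerating
# decoys (with a doubled slash and a query string), one lone probe.
SAMPLE_REQUESTS = [
    Request("GET", "/index.html", "198.51.100.22", {"User-Agent": "Mozilla/5.0"}),
    Request("GET", "/backup/prod-db.sql.gz", "203.0.113.7", {"User-Agent": "curl/8.0"}),
    Request("GET", "/admin//.env?cache=1", "203.0.113.7", {"User-Agent": "curl/8.0"}),
    Request("GET", "/api/v1/internal/keys", "198.51.100.22", {"User-Agent": "python-requests/2.31"}),
    Request("GET", "/robots.txt", "203.0.113.7", {"User-Agent": "curl/8.0"}),
]


def demo():
    """Run the sample traffic through the handler; returns (alerts, summary)."""
    alerts: list = []
    for r in SAMPLE_REQUESTS:
        handle(r, alerts)
    return alerts, summarise(alerts)


if __name__ == "__main__":
    found, verdicts = demo()
    for a in found:
        print(f"{a.timestamp} {a.source_ip} {a.method} {a.path} [{a.token_kind}] ua={a.user_agent}")
    print(verdicts)
```

The decoy responses deliberately look like real artifacts without containing anything usable, so a hit reveals the requester and nothing else; the enumeration verdict is what you would page on, while a single hit is worth a ticket.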

CobaltBus integrates Cobalt Strike with Azure Service Bus to create covert C2 communication channels for red team operations.

An Azure Function that validates incoming Cobalt Strike beacon traffic against a Malleable C2 profile and relays only matching requests to the team server, dropping unauthenticated probes.

AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.