Microsoft Sentinel and Microsoft 365 Defender
Welcome to the unified Microsoft Sentinel and Microsoft 365 Defender repository! This repository contains out of the box detections, exploration queries, hunting queries, workbooks, playbooks and much more to help you get ramped up with Microsoft Sentinel and provide you security content to secure your environment and hunt for threats. The hunting queries also include Microsoft 365 Defender hunting queries for advanced hunting scenarios in both Microsoft 365 Defender and Microsoft Sentinel. You can also submit to issues for any samples or resources you would like to see here as you onboard to Microsoft Sentinel. This repository welcomes contributions and refer to this repository's wiki to get started. For questions and feedback, please contact AzureSentinel@microsoft.com Resources: - Microsoft Sentinel documentation - Microsoft 365 Defender documentation - Security Community Webinars - Getting started with GitHub We value your feedback. Here are some channels to help surface your questions or feedback: - General product specific Q&A for SIEM and SOAR - Join in the Microsoft Sentinel Tech Community conversations - General product specific Q&A for XDR
FEATURES
ALTERNATIVES
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.
Cisco Umbrella is a cloud security platform that offers protection against threats on the internet by blocking malicious activity.
Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.
A framework for managing cyber threat intelligence in structured formats.
Check the reputation of an IP address to identify potential threats.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.