Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel.

Overview

Sentinel ATT&CK provides the following tools:

* An ARM template to automatically deploy Sentinel ATT&CK to your Azure environment
* A Sysmon configuration file compatible with Azure Sentinel and mapped to specific ATT&CK techniques
* A Sysmon log parser mapped against the OSSEM data model
* 117 ready-to-use Kusto detection rules covering 156 ATT&CK techniques
* A Sysmon threat hunting workbook inspired by the Threat Hunting App for Splunk to help simplify threat hunts
* A Terraform script to provision a lab to test Sentinel ATT&CK
* Comprehensive guidance to help you use the materials in this repository

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK. A copy of the DEF CON 27 Cloud Village presentation introducing Sentinel ATT&CK can be found here and here.

Contributing

As this repository is constantly being updated and worked on, if you spot any problems we warmly welcome pull requests or submissions on
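To make the "Sysmon parser mapped to OSSEM" and "Kusto detection rule mapped to an ATT&CK technique" pieces concrete, here is an added example in KQL. It is not code from the Sentinel ATT&CK repository; the project's own parser and rules are in its WIKI and repository. It assumes Sysmon events arrive through the Log Analytics agent into the `Event` table with `Source == "Microsoft-Windows-Sysmon"` and the Sysmon fields serialised as XML in `EventData`; the `SysmonProcessCreate` function name, the OSSEM-style column names (`process_path`, `process_command_line`, `process_parent_path`, `user_name`, ...) and the parent/child process lists in the detection are this example's own choices.

```kusto
// Added example, not part of the Sentinel ATT&CK project.
// Assumption: Sysmon is collected by the Log Analytics agent into the Event
// table, where EventData holds <DataItem><EventData><Data Name="...">value</Data>...
let SysmonProcessCreate =
    Event
    | where Source == "Microsoft-Windows-Sysmon" and EventID == 1   // Sysmon Event ID 1: process creation
    | extend Fields = parse_xml(EventData).DataItem.EventData.Data   // array of {"@Name": ..., "#text": ...}
    | mv-expand Fields
    | extend FieldName = tostring(Fields["@Name"]), FieldValue = tostring(Fields["#text"])
    // Collapse back to one row per event, one column per Sysmon field name
    | evaluate pivot(FieldName, take_any(FieldValue), TimeGenerated, Computer, EventID)
    // Rename the Sysmon fields to OSSEM-style names (assumed mapping; the
    // project's own parser may use different column names)
    | project-rename
        process_path = Image,
        process_command_line = CommandLine,
        process_parent_path = ParentImage,
        process_parent_command_line = ParentCommandLine,
        user_name = User,
        hash = Hashes
    | extend process_name = tostring(split(process_path, @"\")[-1]),
             process_parent_name = tostring(split(process_parent_path, @"\")[-1]);
// Detection: an Office application spawning a shell or scripting host,
// a common follow-on to a malicious attachment. Tagged with the ATT&CK
// technique the way a technique-mapped rule would be.
SysmonProcessCreate
| where process_parent_name in~ ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
| where process_name in~ ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe")
| extend technique_id = "T1566.001",
         technique_name = "Spearphishing Attachment",
         tactic = "Initial Access"
| project TimeGenerated, Computer, user_name,
          process_parent_name, process_parent_command_line,
          process_name, process_command_line, hash,
          technique_id, technique_name, tactic
```

Two practical caveats. First, the `parse_xml` / `pivot` step is needed because the legacy agent stores Sysmon fields as XML; if Sysmon is collected through the Azure Monitor Agent instead, the events may land in `WindowsEvent` with an already-dynamic `EventData` column, and the parsing stage should be adjusted accordingly. Second, before reusing a query like this alongside the project's 117 rules, check its column names against the project's own parser so that both sets of rules run over the same normalised fields.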
ALTERNATIVES
A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.
Vectra AI offers an AI-driven Attack Signal Intelligence platform that uses advanced machine learning to detect and respond to cyber threats across hybrid cloud environments.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
A community-driven project sharing detection logic, adversary tradecraft, and resources to make detection development more efficient, following MITRE ATT&CK structure.
A curated collection of Sigma & Yara rules and Indicators of Compromise (IOCs) for threat detection and malware identification.
The Trystero Project is a threat intelligence platform that measures email security efficacy and provides various tools and resources, while VMware Carbon Black offers endpoint protection and workload security solutions.
Converts OpenIOC v1.0 XML files into STIX Indicators, generating STIX v1.2 and CybOX v2.1 content.