azure-sentinel

Here are 62 public repositories matching this topic...

edoardogerosa / sentinel-attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

azure detection logging cybersecurity sysmon threat-hunting siem security-tools blue-team mitre-attack workbooks sysmon-config terraform-azure kql azure-sentinel

Updated Nov 28, 2024

briandelmsft / SentinelAutomationModules

Star

The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel

automation sentinel cybersecurity sample-code azure-sentinel azuresentinel microsoft-sentinel

Updated Jan 2, 2026
PowerShell

eshlomo1 / Microsoft-Sentinel-SecOps

Star

Microsoft Sentinel SOC Operations

microsoft security azure incident-response secops threat-hunting siem hunting soc ir cloudsecurity threat-intelligence azure-sentinel microsoft-sentinel

Updated Jul 10, 2024
PowerShell

ashwin-patil / blue-teaming-with-kql

Star

Repository with Sample KQL Query examples for Threat Hunting

security azure threat-hunting siem loganalytics blueteaming azure-data-explorer kql azure-sentinel

Updated Sep 1, 2022

noodlemctwoodle / pf-azure-sentinel

Star

Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.

Updated Feb 28, 2022

jostuffl / AzureSentinel_Stuff

Star

A collection of things I've created or found that I think is useful for Azure Sentinel.

azure sentinel kql azure-sentinel notebooks-jupyter

Updated Jun 17, 2026
PowerShell

ItzHerbie / KQL

Star

Detection rules and threat hunting queries in Defender XDR and Azure Sentinel

cybersecurity kql azure-sentinel defender-xdr kql-threathunting

Updated Mar 13, 2026

y0nil / kusto.blog

Star

A technical blog about Kusto

blog azure bigdata big-data-platform big-data-analytics azure-monitor kusto azure-data-explorer kql azure-sentinel kusto-language kusto-query-language

Updated Oct 31, 2025
HTML

austin-lai / Collection-of-Azure-Monitor-or-Sentinel-Kusto-Queries

Star

Collection of Azure Monitor or Sentinel Kusto Queries

security azure-log-analytics azure-monitor kql azure-sentinel kusto-query

Updated Aug 17, 2022

clouddrove / terraform-azure-sentinel

Sponsor

Star

This terraform module is designed to create azure Sentinel resources. Microsoft Sentinel natively incorporates proven Azure services, like Log Analytics and Logic Apps. Microsoft Sentinel enriches your investigation and detection with AI. It provides Microsoft's threat intelligence stream and enables you to bring your own threat intelligence

azure terraform hcl terraform-module terraform-azure clouddrove azure-sentinel terraform-azurerm

Updated Apr 23, 2026
HCL

Aaniket09 / AI-SOC-Agent

Star

A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).

python cybersecurity openai threat-hunting soar kql azure-sentinel microsoft-defender generative-ai

Updated Dec 20, 2025
Python

fyankov96 / agentic-soc-analyst

Star

AI-powered SOC analyst for Azure Sentinel threat hunting with GPT and VirusTotal integration.

threat-hunting virustotal ai-security azure-sentinel microsoft-defender soc-analyst

Updated Sep 23, 2025
Python

hisashin0728 / SentinelAzureOpenAI

Star

Microsoft Sentinel / Azure Open AI 演習のレポジトリです。

microsoft microsoft-azure azure-sentinel microsoft-sentinel azure-sentinel-playbook azureopenai

Updated May 20, 2024

austin-lai / Collection-of-AzureSentinel-Playbook

Star

Collection of Azure Sentinel - Playbook | Logic App (Template)

playbook ingestion threat-intel logic-app azure-sentinel azure-sentinel-playbook azure-logic-app azure-sentinel-playbook-template playbook-template threat-feed

Updated May 13, 2022

SvenAelterman / AzSentinel-syslogfwd-HA

Star

Azure ARM (bicep) template for deploying a high availability syslog/CEF forwarder setup using Azure VMs.

high-availability azure-log-analytics azure-sentinel

Updated Nov 6, 2021
Bicep

ibondarenko1 / azure-sentinel-detection-engineering

Star

9 MITRE ATT&CK-mapped KQL detections on a live Microsoft Sentinel + Defender XDR environment (control-plane, endpoint, identity), with a PR-gated Detection-as-Code pipeline (GitHub Actions, OIDC), SOAR playbooks, and a SOC 2 control mapping.