Sentinel ATT&CK for Microsoft Azure Sentinel

20 July 2022

Sentinel ATT&CK aims to simplify the rapid deployment of a threat hunting capability that leverages Sysmon and MITRE ATT&CK Matrix on Azure Sentinel.

This tool requires tuning and investigative trialling to be truly effective in a production environment.

Sentinel Attack Demo

Overview

Sentinel ATT&CK provides the following tools:

Usage

Head over to the WIKI to learn how to deploy and run Sentinel ATT&CK.

A copy of the DEF CON 27 cloud village presentation introducing Sentinel ATT&CK can be found here or contact the CRYPTRON Security Blue Team for more details.