├── .github
│   ├── ISSUE_TEMPLATE
│   │   ├── bug_report.md
│   │   ├── feature_request.md
│   │   └── question.md
│   └── workflows
│       └── jsoncheck.yml
├── CODEOWNERS
├── Connector
│   ├── connector.json
│   └── readme.md
├── Deploy
│   ├── GrantPermissions.ps1
│   ├── deployui.json
│   ├── readme.md
│   └── statdeploy.json
├── Docs
│   ├── authentication.md
│   ├── deployment.md
│   ├── howitworks.md
│   ├── images
│   │   ├── relatedalerts.jpg
│   │   ├── remediation.jpg
│   │   ├── riskscoring.jpg
│   │   ├── riskscoringsample.jpg
│   │   ├── sampletriage.png
│   │   ├── statconnector.jpg
│   │   ├── statdetailedview.png
│   │   └── statoverview.png
│   ├── incidenttasks.md
│   ├── mssp.md
│   ├── readme.md
│   ├── remediation.md
│   ├── riskscoring.md
│   ├── sample.md
│   └── troubleshooting.md
├── Function
│   ├── ServicePrincipalIdentity.json
│   ├── SystemIdentity.json
│   └── UserAssignedIdentity.json
├── LICENSE
├── Modules
│   ├── AADRisksModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── BaseModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── FileModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── KQLModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── MCASModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── MDEModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── OOFModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── RelatedAlerts
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── RunPlaybook
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── ScoringModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── TIModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── UEBAModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── WatchlistModule
│   │   ├── readme.md
│   │   └── returnschema.json
│   ├── readme.md
│   └── versions.json
├── README.md
├── SECURITY.md
├── Samples
│   ├── basicsample-statv1.json
│   ├── basicsample.json
│   └── readme.md
└── Workbook
    ├── azuredeploy.json
    └── readme.md

/.github/ISSUE_TEMPLATE/bug_report.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/.github/ISSUE_TEMPLATE/bug_report.md
/.github/ISSUE_TEMPLATE/feature_request.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/.github/ISSUE_TEMPLATE/feature_request.md
/.github/ISSUE_TEMPLATE/question.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/.github/ISSUE_TEMPLATE/question.md
/.github/workflows/jsoncheck.yml: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/.github/workflows/jsoncheck.yml
/CODEOWNERS: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/CODEOWNERS
/Connector/connector.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Connector/connector.json
/Connector/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Connector/readme.md
/Deploy/GrantPermissions.ps1: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Deploy/GrantPermissions.ps1
/Deploy/deployui.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Deploy/deployui.json
/Deploy/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Deploy/readme.md
/Deploy/statdeploy.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Deploy/statdeploy.json
/Docs/authentication.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/authentication.md
/Docs/deployment.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/deployment.md
/Docs/howitworks.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/howitworks.md
/Docs/images/relatedalerts.jpg: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/relatedalerts.jpg
/Docs/images/remediation.jpg: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/remediation.jpg
/Docs/images/riskscoring.jpg: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/riskscoring.jpg
/Docs/images/riskscoringsample.jpg: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/riskscoringsample.jpg
/Docs/images/sampletriage.png: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/sampletriage.png
/Docs/images/statconnector.jpg: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/statconnector.jpg
/Docs/images/statdetailedview.png: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/statdetailedview.png
/Docs/images/statoverview.png: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/images/statoverview.png
/Docs/incidenttasks.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/incidenttasks.md
/Docs/mssp.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/mssp.md
/Docs/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/readme.md
/Docs/remediation.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/remediation.md
/Docs/riskscoring.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/riskscoring.md
/Docs/sample.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/sample.md
/Docs/troubleshooting.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Docs/troubleshooting.md
/Function/ServicePrincipalIdentity.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Function/ServicePrincipalIdentity.json
/Function/SystemIdentity.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Function/SystemIdentity.json
/Function/UserAssignedIdentity.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Function/UserAssignedIdentity.json
/LICENSE: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/LICENSE
/Modules/AADRisksModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/AADRisksModule/readme.md
/Modules/AADRisksModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/AADRisksModule/returnschema.json
/Modules/BaseModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/BaseModule/readme.md
/Modules/BaseModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/BaseModule/returnschema.json
/Modules/FileModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/FileModule/readme.md
/Modules/FileModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/FileModule/returnschema.json
/Modules/KQLModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/KQLModule/readme.md
/Modules/KQLModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/KQLModule/returnschema.json
/Modules/MCASModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/MCASModule/readme.md
/Modules/MCASModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/MCASModule/returnschema.json
/Modules/MDEModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/MDEModule/readme.md
/Modules/MDEModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/MDEModule/returnschema.json
/Modules/OOFModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/OOFModule/readme.md
/Modules/OOFModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/OOFModule/returnschema.json
/Modules/RelatedAlerts/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/RelatedAlerts/readme.md
/Modules/RelatedAlerts/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/RelatedAlerts/returnschema.json
/Modules/RunPlaybook/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/RunPlaybook/readme.md
/Modules/RunPlaybook/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/RunPlaybook/returnschema.json
/Modules/ScoringModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/ScoringModule/readme.md
/Modules/ScoringModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/ScoringModule/returnschema.json
/Modules/TIModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/TIModule/readme.md
/Modules/TIModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/TIModule/returnschema.json
/Modules/UEBAModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/UEBAModule/readme.md
/Modules/UEBAModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/UEBAModule/returnschema.json
/Modules/WatchlistModule/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/WatchlistModule/readme.md
/Modules/WatchlistModule/returnschema.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/WatchlistModule/returnschema.json
/Modules/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/readme.md
/Modules/versions.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Modules/versions.json
/README.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/README.md
/SECURITY.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/SECURITY.md
/Samples/basicsample-statv1.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Samples/basicsample-statv1.json
/Samples/basicsample.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Samples/basicsample.json
/Samples/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Samples/readme.md
/Workbook/azuredeploy.json: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Workbook/azuredeploy.json
/Workbook/readme.md: https://raw.githubusercontent.com/briandelmsft/SentinelAutomationModules/HEAD/Workbook/readme.md