├── .gitignore ├── .vs └── VSWorkspaceState.json ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── SECURITY.md ├── SUPPORT.md ├── Sentinel ├── environments │ ├── Integration │ │ ├── Connections │ │ │ ├── AzureActiveDirectory │ │ │ │ ├── Azure.AD.connection.json │ │ │ │ └── Azure.AD.connection.parameters.json │ │ │ └── Office365 │ │ │ │ ├── Office365.connection.json │ │ │ │ └── Office365.connection.parameters.json │ │ ├── Connectors │ │ │ ├── AzureActiveDirectory.settings.json │ │ │ ├── AzureActiveDirectoryIdentityProtection.settings.json │ │ │ ├── AzureActivity.settings.json │ │ │ ├── AzureSecurityCenter.settings.json │ │ │ ├── MicrosoftCloudAppSecurity.settings.json │ │ │ ├── Office365Defender.settings.json │ │ │ ├── Office365Logs.settings.json │ │ │ └── ThreatIntelligenceTaxii.settings.json │ │ ├── Environment.Integration.Definition.json │ │ └── Environment.json │ ├── PreProduction │ │ ├── Connections │ │ │ ├── AzureActiveDirectory │ │ │ │ ├── Azure.AD.connection.json │ │ │ │ └── Azure.AD.connection.parameters.json │ │ │ └── Office365 │ │ │ │ ├── Office365.connection.json │ │ │ │ └── Office365.connection.parameters.json │ │ ├── Connectors │ │ │ ├── AzureActiveDirectory.settings.json │ │ │ ├── AzureActiveDirectoryIdentityProtection.settings.json │ │ │ ├── AzureActivity.settings.json │ │ │ ├── AzureSecurityCenter.settings.json │ │ │ ├── MicrosoftCloudAppSecurity.settings.json │ │ │ ├── Office365Defender.settings.json │ │ │ ├── Office365Logs.settings.json │ │ │ └── ThreatIntelligenceTaxii.settings.json │ │ ├── Environment.Integration.Definition.json │ │ └── Environment.json │ ├── Production │ │ ├── Connections │ │ │ ├── AzureActiveDirectory │ │ │ │ ├── Azure.AD.connection.json │ │ │ │ └── Azure.AD.connection.parameters.json │ │ │ └── Office365 │ │ │ │ ├── Office365.connection.json │ │ │ │ └── Office365.connection.parameters.json │ │ ├── Connectors │ │ │ ├── AzureActiveDirectory.settings.json │ │ │ ├── AzureActiveDirectoryIdentityProtection.settings.json │ │ │ ├── AzureActivity.settings.json │ │ │ ├── AzureSecurityCenter.settings.json │ │ │ ├── MicrosoftCloudAppSecurity.settings.json │ │ │ ├── Office365Defender.settings.json │ │ │ ├── Office365Logs.settings.json │ │ │ └── ThreatIntelligenceTaxii.settings.json │ │ └── Environment.json │ └── Test │ │ ├── Connections │ │ ├── AzureActiveDirectory │ │ │ ├── Azure.AD.connection.json │ │ │ └── Azure.AD.connection.parameters.json │ │ └── Office365 │ │ │ ├── Office365.connection.json │ │ │ └── Office365.connection.parameters.json │ │ ├── Connectors │ │ ├── AzureActiveDirectory.settings.json │ │ ├── AzureActiveDirectoryIdentityProtection.settings.json │ │ ├── AzureActivity.settings.json │ │ ├── AzureSecurityCenter.settings.json │ │ ├── MicrosoftCloudAppSecurity.settings.json │ │ ├── Office365Defender.settings.json │ │ ├── Office365Logs.settings.json │ │ └── ThreatIntelligenceTaxii.settings.json │ │ ├── Environment.Integration.Definition.json │ │ └── Environment.json └── mitre-use-cases │ ├── App Services │ └── AnalyticRules │ │ ├── AppServicesAVScanFailure.analytics.rule.yaml │ │ └── AppServicesAVScanwithInfectedFiles.analytics.rule.yaml │ ├── Azure Kubernetes │ ├── AnalyticsRules │ │ ├── AKSDisableCloudLogsAlerts.analytics.rule.yaml │ │ ├── AKSDisableCloudLogsAlerts.mitre.manifest.json │ │ ├── AKSExecutiondetection.analytics.rule.yaml │ │ ├── AKSExecutiondetection.mitre.manifest.json │ │ ├── AbilitytomonitorAKSContaineronAzure(PodsandClusters).analytics.rule.yaml │ │ ├── ContainerDeploymentfromunkownIPAddress.analytics.rule.yaml │ │ ├── ContainerDeploymentfromunkownIPAddress.mitre.manifest.json │ │ ├── NetworkServiceScanning.analytics.rule.yaml │ │ └── NetworkServiceScanning.mitre.manifest.json │ └── Watchlists │ │ ├── CIDR_Paw.csv │ │ └── CIDR_Paw.watchlist.metadata.json │ ├── Azure SQL │ └── AnalyticRules │ │ ├── SQL-Unusualexportlocation.analytics.rule.yaml │ │ ├── SQL-UseBruteForcetoobtainvalidSQLcredentials.analytics.rule.yaml │ │ ├── SQL-UseBruteForcetoobtainvalidSQLcredentials.mitre.manifest.json │ │ ├── SQL-securitycenteralerts.analytics.rule.yaml │ │ ├── SQLInjection.analytics.rule.yaml │ │ ├── SQLInjection.mitre.manifest.json │ │ ├── SQLSign-SQLSign-ineventfromunfamiliarlocation.mitre.manifest.json │ │ ├── SQLSign-ineventfromasuspiciousIP.analytics.rule.yaml │ │ ├── SQLSign-ineventfromasuspiciousIP.mitre.manifest.json │ │ └── SQLSign-ineventfromunfamiliarlocation.analytics.rule.yaml │ ├── AzureActiveDirectory │ ├── AlertAndPlaybooksConnections │ │ └── CompromisedAccounts.analytics.rule.playbooks.json │ ├── AnalyticsRules │ │ ├── AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.analytics.rule.yaml │ │ ├── AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.mitre.manifest.json │ │ ├── AttemptstosignintodisabledaccountsbyIPaddress.analytics.rule.yaml │ │ ├── AttemptstosignintodisabledaccountsbyIPaddress.mitre.manifest.json │ │ ├── Attemptstosignintodisabledaccountsbyaccountname.analytics.rule.yaml │ │ ├── Attemptstosignintodisabledaccountsbyaccountname.mitre.manifest.json │ │ ├── AttempttoLoginwithDisabledAccount.analytics.rule.yaml │ │ ├── AttempttoLoginwithDisabledAccount.mitre.manifest.json │ │ ├── AttempttobypassconditionalaccessruleinAzureAD.analytics.rule.yaml │ │ ├── AttempttobypassconditionalaccessruleinAzureAD.mitre.manifest.json │ │ ├── AzureAD-ImpossibleTravel.analytics.rule.yaml │ │ ├── AzureActiveDirectorysigninsfromnewlocations.analytics.rule.yaml │ │ ├── AzureActiveDirectorysigninsfromnewlocations.mitre.manifest.json │ │ ├── AzureResourceManagementfromNonApprovedIP.analytics.rule.yaml │ │ ├── AzureResourceManagementfromNonApprovedIP.mitre.manifest.json │ │ ├── AzureSecurityCenter-MFAmustbeenable.analytics.rule.yaml │ │ ├── AzureSecurityCenter-MFAmustbeenable.mitre.manifest.json │ │ ├── BruteforceattackagainstAzurePortal.analytics.rule.yaml │ │ ├── BruteforceattackagainstAzurePortal.mitre.manifest.json │ │ ├── CreateincidentsbasedonAzureActiveDirectoryIdentityProtectionalerts.analytics.rule.yaml │ │ ├── Detectbruteforceloginattemptswithgeographicinformation.analytics.rule.yaml │ │ ├── Detectbruteforceloginattemptswithgeographicinformation.mitre.manifest.json │ │ ├── ExcessiveLogonFailures.analytics.rule.yaml │ │ ├── FailedattempttoaccessAzurePortal.analytics.rule.yaml │ │ ├── FailedattempttoaccessAzurePortal.mitre.manifest.json │ │ ├── LoginattemptbyBlockedMFAuser.analytics.rule.yaml │ │ ├── LoginattemptbyBlockedMFAuser.mitre.manifest.json │ │ ├── MFAdisabledforauser.analytics.rule.yaml │ │ ├── MFAdisabledforauser.mitre.manifest.json │ │ ├── PasswordsprayattackagainstAzureADapplication.analytics.rule.yaml │ │ ├── PasswordsprayattackagainstAzureADapplication.mitre.manifest.json │ │ ├── PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.analytics.rule.yaml │ │ ├── PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.mitre.manifest.json │ │ └── Suspiciousgrantingofpermissionstoanaccount.analytics.rule.yaml │ ├── Playbooks │ │ ├── Compromised_Account_Mitigation.json │ │ ├── Compromised_Account_Mitigation.parameters.json │ │ ├── Login_Deviation_Behavior.json │ │ └── Login_Deviation_Behavior.parameters.json │ └── Watchlists │ │ ├── IP_Whitelist.csv │ │ └── IP_Whitelist.watchlist.metadata.json │ ├── MITRE │ └── Workbooks │ │ ├── MITRE.workbook.metadata.json │ │ └── MITRE.workbook.metadata.parameters.json │ ├── Machine Learning │ └── AnalyticsRules │ │ └── AdvancedMultistageAttackDetection.analytics.rule.yaml │ ├── Office 365 │ ├── AlertAndPlaybooksConnections │ │ └── CompromisedAccounts.analytics.rule.playbooks.json │ ├── AnalyticsRules │ │ ├── Auditadministratoractionsincludingmailboxcreationanddeletion.analytics.rule.yaml │ │ ├── Auditadministratoractionsincludingmailboxcreationanddeletion.mitre.manifest.json │ │ ├── CreateincidentsbasedonMicrosoftCloudAppSecurityalerts.analytics.rule.yaml │ │ ├── CreateincidentsbasedonMicrosoftDefenderAdvancedThreatProtectionalerts.analytics.rule.yaml │ │ ├── CreateincidentsbasedonOffice365AdvancedThreatProtectionalerts.analytics.rule.yaml │ │ ├── Emailsforwardingredirectruletoexternalmailbox.analytics.rule.yaml │ │ ├── Emailsforwardingredirectruletoexternalmailbox.mitre.manifest.json │ │ ├── ExchangeAuditLogdisabled.analytics.rule.yaml │ │ ├── ExchangeAuditLogdisabled.mitre.manifest.json │ │ ├── Externaluseraddedandremovedinshorttimeframe.analytics.rule.yaml │ │ ├── Externaluseraddedandremovedinshorttimeframe.mitre.manifest.json │ │ ├── MailredirectviaExOtransportrule.analytics.rule.yaml │ │ ├── MailredirectviaExOtransportrule.mitre.manifest.json │ │ ├── MaliciousInboxRule.analytics.rule.yaml │ │ ├── MaliciousInboxRule.mitre.manifest.json │ │ ├── MalwareDetectionbySharePointAVEngine.analytics.rule.yaml │ │ ├── Multipleusersemailforwardedtosamedestination.analytics.rule.yaml │ │ ├── Multipleusersemailforwardedtosamedestination.mitre.manifest.json │ │ ├── NewAdminaccountactivityseenwhichwasnotseenhistorically.analytics.rule.yaml │ │ ├── NewAdminaccountactivityseenwhichwasnotseenhistorically.mitre.manifest.json │ │ ├── RareandpotentiallyhighriskOfficeoperations.analytics.rule.yaml │ │ ├── RareandpotentiallyhighriskOfficeoperations.mitre.manifest.json │ │ ├── SuspiciousAuditConfigurationPolicyOperations.analytics.rule.yaml │ │ ├── SuspiciousAuditConfigurationPolicyOperations.mitre.manifest.json │ │ ├── SuspiciousThreatProtectionChanges.analytics.rule.yaml │ │ ├── SuspiciousapplicationconsentsimilartoO365AttackToolkit.analytics.rule.yaml │ │ └── SuspiciousapplicationconsentsimilartoO365AttackToolkit.mitre.manifest copy.json │ ├── Playbooks │ │ ├── Office365.SecurityAndCompliance.LogicApp.json │ │ └── Office365.SecurityAndCompliance.LogicApp.parameters.json │ └── Runbooks │ │ ├── Office365.Compliance.Case.ps1 │ │ └── Office365.Compliance.Case.psd1 │ ├── Quickstart │ └── AnalyticsRules │ │ └── QuickstartRule.analytics.rule.yaml │ ├── Readme.md │ ├── Storage Account │ ├── AnalyticsRules │ │ ├── Azurestoragekeyenumeration.analytics.rule.yaml │ │ ├── Azurestoragekeyenumeration.mitre.manifest.json │ │ ├── DetectMalwareinblobcontainer.analytics.rule.yaml │ │ └── DetectMalwareinblobcontainer.mitre.manifest.json │ ├── Playbooks │ │ ├── Remove_Malware.json │ │ └── Remove_Malware.parameters.json │ └── Runbooks │ │ ├── RemoveMalware.ps1 │ │ └── RemoveMalware.psd1 │ └── Virtual Machines │ ├── AnalyticsRules │ ├── AnomalousRDPLoginDetections.analytics.rule.yaml │ ├── AnomalousRDPLoginDetections.mitre.manifest.json │ ├── CreationofexpensivecomputesinAzure.analytics.rule.yaml │ ├── CreationofexpensivecomputesinAzure.mitre.manifest.json │ ├── Failedlogonattemptsbyvalidaccountswithin10mins.analytics.rule.yaml │ ├── Failedlogonattemptsbyvalidaccountswithin10mins.mitre.manifest copy.json │ ├── HostsWithNewLogons.analytics.rule.yaml │ ├── HostsWithNewLogons.mitre.manifest.json │ ├── MultipleFailedFollowedBySuccess.analytics.rule.yaml │ ├── MultipleFailedFollowedBySuccess.mitre.manifest.json │ ├── NetworkServiceScanning.analytics.rule.yaml │ ├── NetworkServiceScanning.mitre.manifest.json │ ├── RDPMultipleConnectionsFromSingleSystem.analytics.rule.yaml │ ├── RDPMultipleConnectionsFromSingleSystem.mitre.manifest.json │ ├── RDPNesting.analytics.rule.yaml │ ├── RDPNesting.mitre.manifest.json │ ├── RDPRareConnection.analytics.rule.yaml │ ├── RDPRareConnection.mitre.manifest.json │ ├── SuspiciousResourcedeployment.analytics.rule.yaml │ ├── SuspiciousResourcedeployment.mitre.manifest.json │ ├── SuspiciousWindowsLoginoutsidenormalhours.analytics.rule.yaml │ ├── SuspiciousWindowsLoginoutsidenormalhours.mitre.manifest.json │ ├── Suspiciousnumberofresourcecreationordeploymentactivities.analytics.rule.yaml │ └── Suspiciousnumberofresourcecreationordeploymentactivities.mitre.manifest.json │ ├── Playbooks │ ├── Chain_of_Custody.json │ ├── Chain_of_Custody.parameters.json │ ├── Sentinel_Mail_Notification.json │ └── Sentinel_Mail_Notification.parameters.json │ └── Runbooks │ ├── Copy-DigitalEvidenceVmLinux.ps1 │ ├── Copy-DigitalEvidenceVmLinux.psd1 │ ├── Copy-DigitalEvidenceVmWindows.ps1 │ ├── Copy-DigitalEvidenceVmWindows.psd1 │ ├── VMBlock_IP.ps1 │ └── VMBlock_IP.psd1 └── src ├── Build ├── Artifacts │ ├── ADO │ │ └── Microsoft.Sentinel.Artifacts.Build.yaml │ └── Scripts │ │ └── Azure.Mitre.Manifest.Generation.ps1 └── Framework │ ├── ADO │ └── Microsoft.Sentinel.Framework.Build.yml │ ├── Powershell.Modules.Build.ps1 │ ├── Powershell.Modules.Release.ps1 │ ├── Powershell.Nuget.Connect.ps1 │ ├── Powershell.Nuget.Credentials.ps1 │ └── Powershell.Nuget.Disconnect.ps1 ├── Dev └── Framework │ ├── Automation.DataExportRules │ ├── Automation.DataExportRules.ps1 │ └── Automation.DataExportRules.psd1 │ ├── Azure.Deployment.Environment │ └── Version │ │ └── Azure.Deployment.Environment │ │ ├── Azure.Deployment.Environment.psd1 │ │ └── Azure.Deployment.Environment.psm1 │ ├── Kql │ └── Azure.Kql.Powershell │ │ ├── Azure.Kql.Powershell.Tests │ │ ├── Azure.Kql.Powershell.Tests.csproj │ │ └── KqlPowershellTests.cs │ │ ├── Azure.Kql.Powershell.sln │ │ ├── Azure.Kql.Powershell │ │ ├── Azure.Kql.Powershell.csproj │ │ ├── KqlValidationException.cs │ │ └── KqlValidatorCommand.cs │ │ └── Module │ │ └── Azure.Kql.Powershell │ │ └── Version │ │ └── Azure.Kql.Powershell │ │ └── Azure.Kql.Powershell.psd1 │ ├── Microsoft.Sentinel.Automation │ └── Version │ │ └── Microsoft.Sentinel.Automation │ │ ├── Microsoft.Sentinel.Automation.psd1 │ │ └── Microsoft.Sentinel.Automation.psm1 │ ├── Microsoft.Sentinel.Connectors.Management │ └── Version │ │ └── Microsoft.Sentinel.Connectors.Management │ │ ├── Microsoft.Sentinel.Connectors.Management.psd1 │ │ └── Microsoft.Sentinel.Connectors.Management.psm1 │ ├── Microsoft.Sentinel.Connectors │ └── Version │ │ └── Microsoft.Sentinel.Connectors │ │ ├── Connectors │ │ ├── Azure.Activity.Connector.psm1 │ │ ├── Microsoft.Connectors.Common.psm1 │ │ ├── Microsoft.Sentinel.AzureAD.Connector.psm1 │ │ ├── Microsoft.Sentinel.AzureADIdentityProtection.Connector.psm1 │ │ ├── Microsoft.Sentinel.MicrosoftDefenderCloud.Connector.psm1 │ │ ├── Microsoft.Sentinel.ThreatIntelligence.Connector.psm1 │ │ ├── Microsoft365.Defender.Connectors.psm1 │ │ ├── Microsoft365.Logs.Connectors.psm1 │ │ ├── MicrosoftDefenderCloudApp.Connectors.psm1 │ │ └── ThreatIntelligenceTaxii.Connector.psm1 │ │ ├── Microsoft.Sentinel.Connectors.psd1 │ │ └── Microsoft.Sentinel.Connectors.psm1 │ ├── Microsoft.Sentinel.Playbooks │ └── Version │ │ └── Microsoft.Sentinel.Playbooks │ │ ├── Microsoft.Sentinel.Playbooks.psd1 │ │ └── Microsoft.Sentinel.Playbooks.psm1 │ ├── Microsoft.Sentinel.Rules │ └── Version │ │ └── Microsoft.Sentinel.Rules │ │ ├── Microsoft.Sentinel.Rules.psd1 │ │ └── Microsoft.Sentinel.Rules.psm1 │ ├── Microsoft.Sentinel.Watchlist │ └── Version │ │ └── Microsoft.Sentinel.Watchlist │ │ ├── Microsoft.Sentinel.Watchlist.psd1 │ │ └── Microsoft.Sentinel.Watchlist.psm1 │ └── Microsoft.Sentinel.Workbooks │ └── Version │ └── Microsoft.Sentinel.Workbooks │ ├── Microsoft.Sentinel.Workbooks.psd1 │ ├── Microsoft.Sentinel.Workbooks.psm1 │ └── Microsoft.Sentinel.Workbooks.template.json └── Release ├── Artifacts Deployment ├── ADO │ ├── Microsoft.Sentinel.Artifacts.Deployment.yml │ └── Microsoft.Sentinel.Artifacts.Export.yml └── Scripts │ ├── Azure.Automation.Runbooks.Deployment.ps1 │ ├── Microsoft.Sentinel.Alerts.Rules.Deployment.ps1 │ ├── Microsoft.Sentinel.Alerts.RulesPlaybookConnection.Deployment.ps1 │ ├── Microsoft.Sentinel.Automation.Rules.Deployment.ps1 │ ├── Microsoft.Sentinel.Export.ps1 │ ├── Microsoft.Sentinel.Hunting.Rules.Deployment.ps1 │ ├── Microsoft.Sentinel.Playbooks.Deployment.ps1 │ ├── Microsoft.Sentinel.Watchlist.Deployment.ps1 │ └── Microsoft.Sentinel.Workbooks.Deployment.ps1 ├── Common ├── Azure.Deployment.Environment.ps1 ├── Azure.Deployment.Location.ps1 ├── Azure.Deployment.Resource.Check.ps1 ├── Azure.DevOps.Extensions.psm1 ├── Azure.Environments.ps1 └── Azure.Subscription.ps1 └── Sentinel Deployment ├── ADO ├── Microsoft.Sentinel.Environment.Deployment.yml └── Microsoft.Sentinel.Environment.Destroy.yml ├── Resources ├── Automation │ ├── Azure.Automation.LogicApp.Connection.json │ ├── Azure.Automation.Roles.Deployment.json │ ├── Azure.Automation.Runbooks.Deployment.ps1 │ └── Azure.Automation.json ├── Databricks │ ├── Azure.Databricks.Cluster.Deployment.ps1 │ ├── Azure.Databricks.Cluster.Deployment.psm1 │ └── Azure.Databricks.Deployment.json ├── Defender │ ├── Azure.Defender.Configuration.Contacts.ps1 │ └── Azure.Defender.Provisioning.ps1 ├── EventHub │ ├── Azure.EventHubNamespace.Deployment.json │ └── Azure.EventHubNamespace.Roles.Deployment.json ├── KeyVault │ ├── Azure.KeyVault.Deployment.json │ └── Azure.KeyVault.LogicApp.Connection.json ├── LAW │ └── Azure.LogAnalytics.Workspace.json ├── Sentinel │ ├── Azure.Sentinel.LogicApp.Connection.json │ ├── LogAnalyticsAndSentinel.template.json │ ├── Managed.Identity.json │ └── Sentinel.template.json └── StorageAccount │ ├── Azure.StorageAccount.Roles.Deployment.json │ └── Azure.StorageAccout.Deployment.json └── Scripts ├── Microsoft.Sentinel.DataConnectors.Runtime.ps1 ├── Microsoft.Sentinel.Integration.Deployment.ps1 ├── Microsoft.Sentinel.Playbooks.Connections.Deployment.ps1 └── Microsoft.Sentinel.Remove.ps1 /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/.gitignore -------------------------------------------------------------------------------- /.vs/VSWorkspaceState.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/.vs/VSWorkspaceState.json -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/SECURITY.md -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/SUPPORT.md -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connections/AzureActiveDirectory/Azure.AD.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connections/AzureActiveDirectory/Azure.AD.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connections/Office365/Office365.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connections/Office365/Office365.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connections/Office365/Office365.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connections/Office365/Office365.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/AzureActiveDirectory.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/AzureActiveDirectory.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/AzureActiveDirectoryIdentityProtection.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/AzureActiveDirectoryIdentityProtection.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/AzureActivity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/AzureActivity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/AzureSecurityCenter.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/AzureSecurityCenter.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/MicrosoftCloudAppSecurity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/MicrosoftCloudAppSecurity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/Office365Defender.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/Office365Defender.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/Office365Logs.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/Office365Logs.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Connectors/ThreatIntelligenceTaxii.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Connectors/ThreatIntelligenceTaxii.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Environment.Integration.Definition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Environment.Integration.Definition.json -------------------------------------------------------------------------------- /Sentinel/environments/Integration/Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Integration/Environment.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connections/AzureActiveDirectory/Azure.AD.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connections/AzureActiveDirectory/Azure.AD.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connections/Office365/Office365.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connections/Office365/Office365.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connections/Office365/Office365.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connections/Office365/Office365.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/AzureActiveDirectory.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/AzureActiveDirectory.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/AzureActiveDirectoryIdentityProtection.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/AzureActiveDirectoryIdentityProtection.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/AzureActivity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/AzureActivity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/AzureSecurityCenter.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/AzureSecurityCenter.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/MicrosoftCloudAppSecurity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/MicrosoftCloudAppSecurity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/Office365Defender.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/Office365Defender.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/Office365Logs.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/Office365Logs.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Connectors/ThreatIntelligenceTaxii.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Connectors/ThreatIntelligenceTaxii.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Environment.Integration.Definition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Environment.Integration.Definition.json -------------------------------------------------------------------------------- /Sentinel/environments/PreProduction/Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/PreProduction/Environment.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connections/AzureActiveDirectory/Azure.AD.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connections/AzureActiveDirectory/Azure.AD.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connections/Office365/Office365.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connections/Office365/Office365.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connections/Office365/Office365.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connections/Office365/Office365.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/AzureActiveDirectory.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/AzureActiveDirectory.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/AzureActiveDirectoryIdentityProtection.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/AzureActiveDirectoryIdentityProtection.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/AzureActivity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/AzureActivity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/AzureSecurityCenter.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/AzureSecurityCenter.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/MicrosoftCloudAppSecurity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/MicrosoftCloudAppSecurity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/Office365Defender.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/Office365Defender.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/Office365Logs.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/Office365Logs.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Connectors/ThreatIntelligenceTaxii.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Connectors/ThreatIntelligenceTaxii.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Production/Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Production/Environment.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connections/AzureActiveDirectory/Azure.AD.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connections/AzureActiveDirectory/Azure.AD.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connections/AzureActiveDirectory/Azure.AD.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connections/Office365/Office365.connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connections/Office365/Office365.connection.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connections/Office365/Office365.connection.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connections/Office365/Office365.connection.parameters.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/AzureActiveDirectory.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/AzureActiveDirectory.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/AzureActiveDirectoryIdentityProtection.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/AzureActiveDirectoryIdentityProtection.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/AzureActivity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/AzureActivity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/AzureSecurityCenter.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/AzureSecurityCenter.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/MicrosoftCloudAppSecurity.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/MicrosoftCloudAppSecurity.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/Office365Defender.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/Office365Defender.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/Office365Logs.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/Office365Logs.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Connectors/ThreatIntelligenceTaxii.settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Connectors/ThreatIntelligenceTaxii.settings.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Environment.Integration.Definition.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Environment.Integration.Definition.json -------------------------------------------------------------------------------- /Sentinel/environments/Test/Environment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/environments/Test/Environment.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/App Services/AnalyticRules/AppServicesAVScanFailure.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/App Services/AnalyticRules/AppServicesAVScanFailure.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/App Services/AnalyticRules/AppServicesAVScanwithInfectedFiles.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/App Services/AnalyticRules/AppServicesAVScanwithInfectedFiles.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSDisableCloudLogsAlerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSDisableCloudLogsAlerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSDisableCloudLogsAlerts.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSDisableCloudLogsAlerts.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSExecutiondetection.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSExecutiondetection.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSExecutiondetection.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AKSExecutiondetection.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AbilitytomonitorAKSContaineronAzure(PodsandClusters).analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/AbilitytomonitorAKSContaineronAzure(PodsandClusters).analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/ContainerDeploymentfromunkownIPAddress.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/ContainerDeploymentfromunkownIPAddress.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/ContainerDeploymentfromunkownIPAddress.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/ContainerDeploymentfromunkownIPAddress.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/NetworkServiceScanning.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/NetworkServiceScanning.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/NetworkServiceScanning.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/AnalyticsRules/NetworkServiceScanning.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/Watchlists/CIDR_Paw.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/Watchlists/CIDR_Paw.csv -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure Kubernetes/Watchlists/CIDR_Paw.watchlist.metadata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure Kubernetes/Watchlists/CIDR_Paw.watchlist.metadata.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-Unusualexportlocation.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-Unusualexportlocation.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-UseBruteForcetoobtainvalidSQLcredentials.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-UseBruteForcetoobtainvalidSQLcredentials.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-UseBruteForcetoobtainvalidSQLcredentials.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-UseBruteForcetoobtainvalidSQLcredentials.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-securitycenteralerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQL-securitycenteralerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLInjection.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLInjection.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLInjection.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLInjection.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-SQLSign-ineventfromunfamiliarlocation.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-SQLSign-ineventfromunfamiliarlocation.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromasuspiciousIP.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromasuspiciousIP.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromasuspiciousIP.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromasuspiciousIP.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromunfamiliarlocation.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Azure SQL/AnalyticRules/SQLSign-ineventfromunfamiliarlocation.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AlertAndPlaybooksConnections/CompromisedAccounts.analytics.rule.playbooks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AlertAndPlaybooksConnections/CompromisedAccounts.analytics.rule.playbooks.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AnomalousAzureActiveDirectoryappsbasedonauthenticationlocation.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttemptstosignintodisabledaccountsbyIPaddress.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttemptstosignintodisabledaccountsbyIPaddress.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttemptstosignintodisabledaccountsbyIPaddress.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttemptstosignintodisabledaccountsbyIPaddress.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Attemptstosignintodisabledaccountsbyaccountname.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Attemptstosignintodisabledaccountsbyaccountname.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Attemptstosignintodisabledaccountsbyaccountname.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Attemptstosignintodisabledaccountsbyaccountname.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttoLoginwithDisabledAccount.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttoLoginwithDisabledAccount.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttoLoginwithDisabledAccount.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttoLoginwithDisabledAccount.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttobypassconditionalaccessruleinAzureAD.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttobypassconditionalaccessruleinAzureAD.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttobypassconditionalaccessruleinAzureAD.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AttempttobypassconditionalaccessruleinAzureAD.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureAD-ImpossibleTravel.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureAD-ImpossibleTravel.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureActiveDirectorysigninsfromnewlocations.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureActiveDirectorysigninsfromnewlocations.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureActiveDirectorysigninsfromnewlocations.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureActiveDirectorysigninsfromnewlocations.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureResourceManagementfromNonApprovedIP.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureResourceManagementfromNonApprovedIP.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureResourceManagementfromNonApprovedIP.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureResourceManagementfromNonApprovedIP.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureSecurityCenter-MFAmustbeenable.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureSecurityCenter-MFAmustbeenable.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureSecurityCenter-MFAmustbeenable.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/AzureSecurityCenter-MFAmustbeenable.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/BruteforceattackagainstAzurePortal.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/BruteforceattackagainstAzurePortal.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/BruteforceattackagainstAzurePortal.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/BruteforceattackagainstAzurePortal.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/CreateincidentsbasedonAzureActiveDirectoryIdentityProtectionalerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/CreateincidentsbasedonAzureActiveDirectoryIdentityProtectionalerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Detectbruteforceloginattemptswithgeographicinformation.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Detectbruteforceloginattemptswithgeographicinformation.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Detectbruteforceloginattemptswithgeographicinformation.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Detectbruteforceloginattemptswithgeographicinformation.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/ExcessiveLogonFailures.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/ExcessiveLogonFailures.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/FailedattempttoaccessAzurePortal.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/FailedattempttoaccessAzurePortal.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/FailedattempttoaccessAzurePortal.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/FailedattempttoaccessAzurePortal.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/LoginattemptbyBlockedMFAuser.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/LoginattemptbyBlockedMFAuser.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/LoginattemptbyBlockedMFAuser.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/LoginattemptbyBlockedMFAuser.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/MFAdisabledforauser.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/MFAdisabledforauser.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/MFAdisabledforauser.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/MFAdisabledforauser.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PasswordsprayattackagainstAzureADapplication.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PasswordsprayattackagainstAzureADapplication.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PasswordsprayattackagainstAzureADapplication.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PasswordsprayattackagainstAzureADapplication.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/PermutationsonlogonattemptsbyUserPrincipalNamesindicatingpotentialbruteforce.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Suspiciousgrantingofpermissionstoanaccount.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/AnalyticsRules/Suspiciousgrantingofpermissionstoanaccount.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Compromised_Account_Mitigation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Compromised_Account_Mitigation.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Compromised_Account_Mitigation.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Compromised_Account_Mitigation.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Login_Deviation_Behavior.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Login_Deviation_Behavior.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Login_Deviation_Behavior.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Playbooks/Login_Deviation_Behavior.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Watchlists/IP_Whitelist.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Watchlists/IP_Whitelist.csv -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/AzureActiveDirectory/Watchlists/IP_Whitelist.watchlist.metadata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/AzureActiveDirectory/Watchlists/IP_Whitelist.watchlist.metadata.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/MITRE/Workbooks/MITRE.workbook.metadata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/MITRE/Workbooks/MITRE.workbook.metadata.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/MITRE/Workbooks/MITRE.workbook.metadata.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/MITRE/Workbooks/MITRE.workbook.metadata.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Machine Learning/AnalyticsRules/AdvancedMultistageAttackDetection.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Machine Learning/AnalyticsRules/AdvancedMultistageAttackDetection.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AlertAndPlaybooksConnections/CompromisedAccounts.analytics.rule.playbooks.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AlertAndPlaybooksConnections/CompromisedAccounts.analytics.rule.playbooks.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Auditadministratoractionsincludingmailboxcreationanddeletion.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Auditadministratoractionsincludingmailboxcreationanddeletion.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Auditadministratoractionsincludingmailboxcreationanddeletion.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Auditadministratoractionsincludingmailboxcreationanddeletion.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonMicrosoftCloudAppSecurityalerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonMicrosoftCloudAppSecurityalerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonMicrosoftDefenderAdvancedThreatProtectionalerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonMicrosoftDefenderAdvancedThreatProtectionalerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonOffice365AdvancedThreatProtectionalerts.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/CreateincidentsbasedonOffice365AdvancedThreatProtectionalerts.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Emailsforwardingredirectruletoexternalmailbox.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Emailsforwardingredirectruletoexternalmailbox.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Emailsforwardingredirectruletoexternalmailbox.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Emailsforwardingredirectruletoexternalmailbox.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/ExchangeAuditLogdisabled.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/ExchangeAuditLogdisabled.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/ExchangeAuditLogdisabled.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/ExchangeAuditLogdisabled.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Externaluseraddedandremovedinshorttimeframe.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Externaluseraddedandremovedinshorttimeframe.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Externaluseraddedandremovedinshorttimeframe.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Externaluseraddedandremovedinshorttimeframe.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MailredirectviaExOtransportrule.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MailredirectviaExOtransportrule.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MailredirectviaExOtransportrule.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MailredirectviaExOtransportrule.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MaliciousInboxRule.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MaliciousInboxRule.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MaliciousInboxRule.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MaliciousInboxRule.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MalwareDetectionbySharePointAVEngine.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/MalwareDetectionbySharePointAVEngine.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Multipleusersemailforwardedtosamedestination.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Multipleusersemailforwardedtosamedestination.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Multipleusersemailforwardedtosamedestination.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/Multipleusersemailforwardedtosamedestination.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/NewAdminaccountactivityseenwhichwasnotseenhistorically.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/NewAdminaccountactivityseenwhichwasnotseenhistorically.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/NewAdminaccountactivityseenwhichwasnotseenhistorically.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/NewAdminaccountactivityseenwhichwasnotseenhistorically.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/RareandpotentiallyhighriskOfficeoperations.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/RareandpotentiallyhighriskOfficeoperations.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/RareandpotentiallyhighriskOfficeoperations.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/RareandpotentiallyhighriskOfficeoperations.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousAuditConfigurationPolicyOperations.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousAuditConfigurationPolicyOperations.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousAuditConfigurationPolicyOperations.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousAuditConfigurationPolicyOperations.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousThreatProtectionChanges.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousThreatProtectionChanges.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousapplicationconsentsimilartoO365AttackToolkit.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousapplicationconsentsimilartoO365AttackToolkit.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousapplicationconsentsimilartoO365AttackToolkit.mitre.manifest copy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/AnalyticsRules/SuspiciousapplicationconsentsimilartoO365AttackToolkit.mitre.manifest copy.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/Playbooks/Office365.SecurityAndCompliance.LogicApp.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/Playbooks/Office365.SecurityAndCompliance.LogicApp.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/Playbooks/Office365.SecurityAndCompliance.LogicApp.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/Playbooks/Office365.SecurityAndCompliance.LogicApp.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/Runbooks/Office365.Compliance.Case.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/Runbooks/Office365.Compliance.Case.ps1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Office 365/Runbooks/Office365.Compliance.Case.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Office 365/Runbooks/Office365.Compliance.Case.psd1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Quickstart/AnalyticsRules/QuickstartRule.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Quickstart/AnalyticsRules/QuickstartRule.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Readme.md -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/Azurestoragekeyenumeration.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/Azurestoragekeyenumeration.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/Azurestoragekeyenumeration.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/Azurestoragekeyenumeration.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/DetectMalwareinblobcontainer.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/DetectMalwareinblobcontainer.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/DetectMalwareinblobcontainer.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/AnalyticsRules/DetectMalwareinblobcontainer.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/Playbooks/Remove_Malware.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/Playbooks/Remove_Malware.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/Playbooks/Remove_Malware.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/Playbooks/Remove_Malware.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/Runbooks/RemoveMalware.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/Runbooks/RemoveMalware.ps1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Storage Account/Runbooks/RemoveMalware.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Storage Account/Runbooks/RemoveMalware.psd1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/AnomalousRDPLoginDetections.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/AnomalousRDPLoginDetections.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/AnomalousRDPLoginDetections.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/AnomalousRDPLoginDetections.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/CreationofexpensivecomputesinAzure.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/CreationofexpensivecomputesinAzure.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/CreationofexpensivecomputesinAzure.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/CreationofexpensivecomputesinAzure.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Failedlogonattemptsbyvalidaccountswithin10mins.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Failedlogonattemptsbyvalidaccountswithin10mins.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Failedlogonattemptsbyvalidaccountswithin10mins.mitre.manifest copy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Failedlogonattemptsbyvalidaccountswithin10mins.mitre.manifest copy.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/HostsWithNewLogons.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/HostsWithNewLogons.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/HostsWithNewLogons.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/HostsWithNewLogons.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/MultipleFailedFollowedBySuccess.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/MultipleFailedFollowedBySuccess.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/MultipleFailedFollowedBySuccess.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/MultipleFailedFollowedBySuccess.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/NetworkServiceScanning.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/NetworkServiceScanning.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/NetworkServiceScanning.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/NetworkServiceScanning.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPMultipleConnectionsFromSingleSystem.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPMultipleConnectionsFromSingleSystem.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPMultipleConnectionsFromSingleSystem.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPMultipleConnectionsFromSingleSystem.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPNesting.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPNesting.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPNesting.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPNesting.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPRareConnection.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPRareConnection.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPRareConnection.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/RDPRareConnection.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousResourcedeployment.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousResourcedeployment.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousResourcedeployment.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousResourcedeployment.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousWindowsLoginoutsidenormalhours.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousWindowsLoginoutsidenormalhours.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousWindowsLoginoutsidenormalhours.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/SuspiciousWindowsLoginoutsidenormalhours.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Suspiciousnumberofresourcecreationordeploymentactivities.analytics.rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Suspiciousnumberofresourcecreationordeploymentactivities.analytics.rule.yaml -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Suspiciousnumberofresourcecreationordeploymentactivities.mitre.manifest.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/AnalyticsRules/Suspiciousnumberofresourcecreationordeploymentactivities.mitre.manifest.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Chain_of_Custody.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Chain_of_Custody.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Chain_of_Custody.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Chain_of_Custody.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Sentinel_Mail_Notification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Sentinel_Mail_Notification.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Sentinel_Mail_Notification.parameters.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Playbooks/Sentinel_Mail_Notification.parameters.json -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmLinux.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmLinux.ps1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmLinux.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmLinux.psd1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmWindows.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmWindows.ps1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmWindows.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/Copy-DigitalEvidenceVmWindows.psd1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/VMBlock_IP.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/VMBlock_IP.ps1 -------------------------------------------------------------------------------- /Sentinel/mitre-use-cases/Virtual Machines/Runbooks/VMBlock_IP.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/Sentinel/mitre-use-cases/Virtual Machines/Runbooks/VMBlock_IP.psd1 -------------------------------------------------------------------------------- /src/Build/Artifacts/ADO/Microsoft.Sentinel.Artifacts.Build.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Artifacts/ADO/Microsoft.Sentinel.Artifacts.Build.yaml -------------------------------------------------------------------------------- /src/Build/Artifacts/Scripts/Azure.Mitre.Manifest.Generation.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Artifacts/Scripts/Azure.Mitre.Manifest.Generation.ps1 -------------------------------------------------------------------------------- /src/Build/Framework/ADO/Microsoft.Sentinel.Framework.Build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/ADO/Microsoft.Sentinel.Framework.Build.yml -------------------------------------------------------------------------------- /src/Build/Framework/Powershell.Modules.Build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/Powershell.Modules.Build.ps1 -------------------------------------------------------------------------------- /src/Build/Framework/Powershell.Modules.Release.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/Powershell.Modules.Release.ps1 -------------------------------------------------------------------------------- /src/Build/Framework/Powershell.Nuget.Connect.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/Powershell.Nuget.Connect.ps1 -------------------------------------------------------------------------------- /src/Build/Framework/Powershell.Nuget.Credentials.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/Powershell.Nuget.Credentials.ps1 -------------------------------------------------------------------------------- /src/Build/Framework/Powershell.Nuget.Disconnect.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Build/Framework/Powershell.Nuget.Disconnect.ps1 -------------------------------------------------------------------------------- /src/Dev/Framework/Automation.DataExportRules/Automation.DataExportRules.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Automation.DataExportRules/Automation.DataExportRules.ps1 -------------------------------------------------------------------------------- /src/Dev/Framework/Automation.DataExportRules/Automation.DataExportRules.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Automation.DataExportRules/Automation.DataExportRules.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Azure.Deployment.Environment/Version/Azure.Deployment.Environment/Azure.Deployment.Environment.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Azure.Deployment.Environment/Version/Azure.Deployment.Environment/Azure.Deployment.Environment.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Azure.Deployment.Environment/Version/Azure.Deployment.Environment/Azure.Deployment.Environment.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Azure.Deployment.Environment/Version/Azure.Deployment.Environment/Azure.Deployment.Environment.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.Tests/Azure.Kql.Powershell.Tests.csproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.Tests/Azure.Kql.Powershell.Tests.csproj -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.Tests/KqlPowershellTests.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.Tests/KqlPowershellTests.cs -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell.sln -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/Azure.Kql.Powershell.csproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/Azure.Kql.Powershell.csproj -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/KqlValidationException.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/KqlValidationException.cs -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/KqlValidatorCommand.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Azure.Kql.Powershell/KqlValidatorCommand.cs -------------------------------------------------------------------------------- /src/Dev/Framework/Kql/Azure.Kql.Powershell/Module/Azure.Kql.Powershell/Version/Azure.Kql.Powershell/Azure.Kql.Powershell.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Kql/Azure.Kql.Powershell/Module/Azure.Kql.Powershell/Version/Azure.Kql.Powershell/Azure.Kql.Powershell.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Automation/Version/Microsoft.Sentinel.Automation/Microsoft.Sentinel.Automation.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Automation/Version/Microsoft.Sentinel.Automation/Microsoft.Sentinel.Automation.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Automation/Version/Microsoft.Sentinel.Automation/Microsoft.Sentinel.Automation.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Automation/Version/Microsoft.Sentinel.Automation/Microsoft.Sentinel.Automation.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors.Management/Version/Microsoft.Sentinel.Connectors.Management/Microsoft.Sentinel.Connectors.Management.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors.Management/Version/Microsoft.Sentinel.Connectors.Management/Microsoft.Sentinel.Connectors.Management.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors.Management/Version/Microsoft.Sentinel.Connectors.Management/Microsoft.Sentinel.Connectors.Management.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors.Management/Version/Microsoft.Sentinel.Connectors.Management/Microsoft.Sentinel.Connectors.Management.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Azure.Activity.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Azure.Activity.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Connectors.Common.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Connectors.Common.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.AzureAD.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.AzureAD.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.AzureADIdentityProtection.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.AzureADIdentityProtection.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.MicrosoftDefenderCloud.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.MicrosoftDefenderCloud.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.ThreatIntelligence.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft.Sentinel.ThreatIntelligence.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft365.Defender.Connectors.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft365.Defender.Connectors.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft365.Logs.Connectors.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/Microsoft365.Logs.Connectors.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/MicrosoftDefenderCloudApp.Connectors.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/MicrosoftDefenderCloudApp.Connectors.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/ThreatIntelligenceTaxii.Connector.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Connectors/ThreatIntelligenceTaxii.Connector.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Microsoft.Sentinel.Connectors.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Microsoft.Sentinel.Connectors.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Microsoft.Sentinel.Connectors.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Connectors/Version/Microsoft.Sentinel.Connectors/Microsoft.Sentinel.Connectors.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Playbooks/Version/Microsoft.Sentinel.Playbooks/Microsoft.Sentinel.Playbooks.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Playbooks/Version/Microsoft.Sentinel.Playbooks/Microsoft.Sentinel.Playbooks.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Playbooks/Version/Microsoft.Sentinel.Playbooks/Microsoft.Sentinel.Playbooks.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Playbooks/Version/Microsoft.Sentinel.Playbooks/Microsoft.Sentinel.Playbooks.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Rules/Version/Microsoft.Sentinel.Rules/Microsoft.Sentinel.Rules.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Rules/Version/Microsoft.Sentinel.Rules/Microsoft.Sentinel.Rules.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Rules/Version/Microsoft.Sentinel.Rules/Microsoft.Sentinel.Rules.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Rules/Version/Microsoft.Sentinel.Rules/Microsoft.Sentinel.Rules.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Watchlist/Version/Microsoft.Sentinel.Watchlist/Microsoft.Sentinel.Watchlist.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Watchlist/Version/Microsoft.Sentinel.Watchlist/Microsoft.Sentinel.Watchlist.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Watchlist/Version/Microsoft.Sentinel.Watchlist/Microsoft.Sentinel.Watchlist.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Watchlist/Version/Microsoft.Sentinel.Watchlist/Microsoft.Sentinel.Watchlist.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.psd1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.psm1 -------------------------------------------------------------------------------- /src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Dev/Framework/Microsoft.Sentinel.Workbooks/Version/Microsoft.Sentinel.Workbooks/Microsoft.Sentinel.Workbooks.template.json -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/ADO/Microsoft.Sentinel.Artifacts.Deployment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/ADO/Microsoft.Sentinel.Artifacts.Deployment.yml -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/ADO/Microsoft.Sentinel.Artifacts.Export.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/ADO/Microsoft.Sentinel.Artifacts.Export.yml -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Azure.Automation.Runbooks.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Azure.Automation.Runbooks.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Alerts.Rules.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Alerts.Rules.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Alerts.RulesPlaybookConnection.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Alerts.RulesPlaybookConnection.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Automation.Rules.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Automation.Rules.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Export.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Export.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Hunting.Rules.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Hunting.Rules.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Playbooks.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Playbooks.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Watchlist.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Watchlist.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Workbooks.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Artifacts Deployment/Scripts/Microsoft.Sentinel.Workbooks.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.Deployment.Environment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.Deployment.Environment.ps1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.Deployment.Location.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.Deployment.Location.ps1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.Deployment.Resource.Check.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.Deployment.Resource.Check.ps1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.DevOps.Extensions.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.DevOps.Extensions.psm1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.Environments.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.Environments.ps1 -------------------------------------------------------------------------------- /src/Release/Common/Azure.Subscription.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Common/Azure.Subscription.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/ADO/Microsoft.Sentinel.Environment.Deployment.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/ADO/Microsoft.Sentinel.Environment.Deployment.yml -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/ADO/Microsoft.Sentinel.Environment.Destroy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/ADO/Microsoft.Sentinel.Environment.Destroy.yml -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.LogicApp.Connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.LogicApp.Connection.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.Roles.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.Roles.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.Runbooks.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.Runbooks.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Automation/Azure.Automation.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Cluster.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Cluster.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Cluster.Deployment.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Cluster.Deployment.psm1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Databricks/Azure.Databricks.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Defender/Azure.Defender.Configuration.Contacts.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Defender/Azure.Defender.Configuration.Contacts.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Defender/Azure.Defender.Provisioning.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Defender/Azure.Defender.Provisioning.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/EventHub/Azure.EventHubNamespace.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/EventHub/Azure.EventHubNamespace.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/EventHub/Azure.EventHubNamespace.Roles.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/EventHub/Azure.EventHubNamespace.Roles.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/KeyVault/Azure.KeyVault.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/KeyVault/Azure.KeyVault.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/KeyVault/Azure.KeyVault.LogicApp.Connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/KeyVault/Azure.KeyVault.LogicApp.Connection.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/LAW/Azure.LogAnalytics.Workspace.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/LAW/Azure.LogAnalytics.Workspace.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Sentinel/Azure.Sentinel.LogicApp.Connection.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Sentinel/Azure.Sentinel.LogicApp.Connection.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Sentinel/LogAnalyticsAndSentinel.template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Sentinel/LogAnalyticsAndSentinel.template.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Sentinel/Managed.Identity.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Sentinel/Managed.Identity.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/Sentinel/Sentinel.template.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/Sentinel/Sentinel.template.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/StorageAccount/Azure.StorageAccount.Roles.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/StorageAccount/Azure.StorageAccount.Roles.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Resources/StorageAccount/Azure.StorageAccout.Deployment.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Resources/StorageAccount/Azure.StorageAccout.Deployment.json -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.DataConnectors.Runtime.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.DataConnectors.Runtime.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Integration.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Integration.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Playbooks.Connections.Deployment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Playbooks.Connections.Deployment.ps1 -------------------------------------------------------------------------------- /src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Remove.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/sentinel-as-code/HEAD/src/Release/Sentinel Deployment/Scripts/Microsoft.Sentinel.Remove.ps1 --------------------------------------------------------------------------------