├── .build.ps1 ├── .build ├── BuildHelpers │ ├── Clean.BuildHelpers.build.ps1 │ └── Environment.BuildHelpers.build.ps1 ├── PSDeploy │ └── DeployAll.PSDeploy.build.ps1 ├── Pester │ ├── IntegrationTests.pester.build.ps1 │ ├── QualityTests.pester.build.ps1 │ └── UnitTests.pester.build.ps1 ├── PlatyPS │ └── generateHelp.PlatyPS.build.ps1 └── Release │ ├── Get-MergedModule.ps1 │ └── MergeModule.Release.build.ps1 ├── .github ├── ISSUE_TEMPLATE.md ├── ISSUE_TEMPLATE │ ├── Bug_Report.md │ ├── Documentation_Issue.md │ ├── Feature_Request.md │ └── Guidance_Issue.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ └── main.yml ├── .gitignore ├── .vscode ├── launch.json └── settings.json ├── AzSentinel ├── AzSentinel.psd1 ├── AzSentinel.psm1 ├── Classes │ ├── AlertRule.ps1 │ ├── Fusion.ps1 │ ├── Hunting.ps1 │ ├── HuntingRule.ps1 │ ├── IncidentConfiguration.ps1 │ ├── MLBehaviorAnalytics.ps1 │ ├── MicrosoftSecurityIncidentCreation.ps1 │ ├── ScheduledAlertProp.ps1 │ ├── classes.psd1 │ └── groupingConfiguration.ps1 ├── Private │ ├── Compare-Policy.ps1 │ ├── Get-AuthToken.ps1 │ ├── Get-AzSentinelPlayBook.ps1 │ ├── Get-AzSentinelResourceProvider.ps1 │ ├── Get-LogAnalyticWorkspace.ps1 │ ├── Set-AzSentinelResourceProvider.ps1 │ └── precheck.ps1 ├── Public │ ├── Add-AzSentinelIncidentComment.ps1 │ ├── Disable-AzSentinelAlertRule.ps1 │ ├── Enable-AzSentinelAlertRule.ps1 │ ├── Export-AzSentinel.ps1 │ ├── Get-AzSentinelAlertRule.ps1 │ ├── Get-AzSentinelAlertRuleAction.ps1 │ ├── Get-AzSentinelAlertRuleTemplates.ps1 │ ├── Get-AzSentinelDataConnector.ps1 │ ├── Get-AzSentinelHuntingRule.ps1 │ ├── Get-AzSentinelIncident.ps1 │ ├── Import-AzSentinelAlertRule.ps1 │ ├── Import-AzSentinelDataConnector.ps1 │ ├── Import-AzSentinelHuntingRule.ps1 │ ├── New-AzSentinelAlertRule.ps1 │ ├── New-AzSentinelAlertRuleAction.ps1 │ ├── New-AzSentinelHuntingRule.ps1 │ ├── Remove-AzSentinelAlertRule.ps1 │ ├── Remove-AzSentinelAlertRuleAction.ps1 │ ├── Remove-AzSentinelHuntingRule.ps1 │ ├── Rename-AzSentinelAlertRule.ps1 │ ├── Set-AzSentinel.ps1 │ └── Update-AzSentinelIncident.ps1 ├── docs │ ├── Add-AzSentinelIncidentComment.md │ ├── Disable-AzSentinelAlertRule.md │ ├── Enable-AzSentinelAlertRule.md │ ├── Export-AzSentinel.md │ ├── Get-AzSentinelAlertRule.md │ ├── Get-AzSentinelAlertRuleAction.md │ ├── Get-AzSentinelAlertRuleTemplates.md │ ├── Get-AzSentinelDataConnector.md │ ├── Get-AzSentinelHuntingRule.md │ ├── Get-AzSentinelIncident.md │ ├── Import-AzSentinelAlertRule.md │ ├── Import-AzSentinelDataConnector.md │ ├── Import-AzSentinelHuntingRule.md │ ├── New-AzSentinelAlertRule.md │ ├── New-AzSentinelAlertRuleAction.md │ ├── New-AzSentinelHuntingRule.md │ ├── README.md │ ├── Remove-AzSentinelAlertRule.md │ ├── Remove-AzSentinelAlertRuleAction.md │ ├── Remove-AzSentinelHuntingRule.md │ ├── Rename-AzSentinelAlertRule.md │ ├── Set-AzSentinel.md │ └── Update-AzSentinelIncident.md ├── enums │ ├── CloseReason.ps1 │ ├── DataSourceName.ps1 │ ├── ExportType.ps1 │ ├── GroupByEntities.ps1 │ ├── Kind.ps1 │ ├── MatchingMethod.ps1 │ ├── Severity.ps1 │ ├── Status.ps1 │ ├── Tactics.ps1 │ ├── TriggerOperator.ps1 │ └── aggregationKind.ps1 └── tests │ ├── QA │ └── module.tests.ps1 │ └── Unit │ ├── classes │ └── AlertRule.tests.ps1 │ ├── private │ ├── Compare-Policy.tests.ps1 │ ├── Get-AuthToken.tests.ps1 │ ├── Get-AzSentinelPlayBook.tests.ps1 │ ├── Get-AzSentinelResourceProvider.tests.ps1 │ ├── Get-LogAnalyticWorkspace.tests.ps1 │ ├── Set-AzSentinelResourceProvider.tests.ps1 │ └── precheck.tests.ps1 │ └── public │ ├── Add-AzSentinelIncidentComment.tests.ps1 │ ├── Disable-AzSentinelAlertRule.tests.ps1 │ ├── Enable-AzSentinelAlertRule.tests.ps1 │ ├── Export-AzSentinel.tests.ps1 │ ├── Get-AzSentinelAlertRule.tests.ps1 │ ├── Get-AzSentinelAlertRuleAction.tests.ps1 │ ├── Get-AzSentinelAlertRuleTemplates.tests.ps1 │ ├── Get-AzSentinelDataConnector.tests.ps1 │ ├── Get-AzSentinelHuntingRule.tests.ps1 │ ├── Get-AzSentinelIncident.tests.ps1 │ ├── Import-AzSentinelAlertRule.tests.ps1 │ ├── Import-AzSentinelDataConnector.tests.ps1 │ ├── Import-AzSentinelHuntingRule.tests.ps1 │ ├── New-AzSentinelAlertRule.tests.ps1 │ ├── New-AzSentinelAlertRuleAction.tests.ps1 │ ├── New-AzSentinelHuntingRule.tests.ps1 │ ├── Remove-AzSentinelAlertRule.tests.ps1 │ ├── Remove-AzSentinelAlertRuleAction.tests.ps1 │ ├── Remove-AzSentinelHuntingRule.tests.ps1 │ ├── Rename-AzSentinelAlertRule.tests.ps1 │ ├── Set-AzSentinel.tests.ps1 │ └── Update-AzSentinelIncident.tests.ps1 ├── CONTRIBUTING.md ├── Deploy.PSDeploy.ps1 ├── LICENSE ├── PSDepend.build.psd1 ├── README.md ├── _config.yml ├── docs ├── Add-AzSentinelIncidentComment.md ├── Disable-AzSentinelAlertRule.md ├── Enable-AzSentinelAlertRule.md ├── Export-AzSentinel.md ├── Get-AzSentinelAlertRule.md ├── Get-AzSentinelAlertRuleAction.md ├── Get-AzSentinelAlertRuleTemplates.md ├── Get-AzSentinelDataConnector.md ├── Get-AzSentinelHuntingRule.md ├── Get-AzSentinelIncident.md ├── Import-AzSentinelAlertRule.md ├── Import-AzSentinelDataConnector.md ├── Import-AzSentinelHuntingRule.md ├── New-AzSentinelAlertRule.md ├── New-AzSentinelAlertRuleAction.md ├── New-AzSentinelHuntingRule.md ├── README.md ├── Remove-AzSentinelAlertRule.md ├── Remove-AzSentinelAlertRuleAction.md ├── Remove-AzSentinelHuntingRule.md ├── Rename-AzSentinelAlertRule.md ├── Set-AzSentinel.md └── Update-AzSentinelIncident.md └── examples ├── AlertRules.json ├── AlertRules.yaml ├── DataConnectors.json ├── HuntingRules.json └── SuspectApplicationConsent.yaml /.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build.ps1 -------------------------------------------------------------------------------- /.build/BuildHelpers/Clean.BuildHelpers.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/BuildHelpers/Clean.BuildHelpers.build.ps1 -------------------------------------------------------------------------------- /.build/BuildHelpers/Environment.BuildHelpers.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/BuildHelpers/Environment.BuildHelpers.build.ps1 -------------------------------------------------------------------------------- /.build/PSDeploy/DeployAll.PSDeploy.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/PSDeploy/DeployAll.PSDeploy.build.ps1 -------------------------------------------------------------------------------- /.build/Pester/IntegrationTests.pester.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/Pester/IntegrationTests.pester.build.ps1 -------------------------------------------------------------------------------- /.build/Pester/QualityTests.pester.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/Pester/QualityTests.pester.build.ps1 -------------------------------------------------------------------------------- /.build/Pester/UnitTests.pester.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/Pester/UnitTests.pester.build.ps1 -------------------------------------------------------------------------------- /.build/PlatyPS/generateHelp.PlatyPS.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/PlatyPS/generateHelp.PlatyPS.build.ps1 -------------------------------------------------------------------------------- /.build/Release/Get-MergedModule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/Release/Get-MergedModule.ps1 -------------------------------------------------------------------------------- /.build/Release/MergeModule.Release.build.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.build/Release/MergeModule.Release.build.ps1 -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/ISSUE_TEMPLATE.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Bug_Report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/ISSUE_TEMPLATE/Bug_Report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Documentation_Issue.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/ISSUE_TEMPLATE/Documentation_Issue.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Feature_Request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/ISSUE_TEMPLATE/Feature_Request.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Guidance_Issue.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/ISSUE_TEMPLATE/Guidance_Issue.md -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/PULL_REQUEST_TEMPLATE.md -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.github/workflows/main.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | temp/* 2 | BuildOutput/* 3 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.vscode/launch.json -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/.vscode/settings.json -------------------------------------------------------------------------------- /AzSentinel/AzSentinel.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/AzSentinel.psd1 -------------------------------------------------------------------------------- /AzSentinel/AzSentinel.psm1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/AzSentinel.psm1 -------------------------------------------------------------------------------- /AzSentinel/Classes/AlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/AlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/Fusion.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/Fusion.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/Hunting.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/Hunting.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/HuntingRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/HuntingRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/IncidentConfiguration.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/IncidentConfiguration.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/MLBehaviorAnalytics.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/MLBehaviorAnalytics.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/MicrosoftSecurityIncidentCreation.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/MicrosoftSecurityIncidentCreation.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/ScheduledAlertProp.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/ScheduledAlertProp.ps1 -------------------------------------------------------------------------------- /AzSentinel/Classes/classes.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/classes.psd1 -------------------------------------------------------------------------------- /AzSentinel/Classes/groupingConfiguration.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Classes/groupingConfiguration.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Compare-Policy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Compare-Policy.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Get-AuthToken.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Get-AuthToken.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Get-AzSentinelPlayBook.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Get-AzSentinelPlayBook.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Get-AzSentinelResourceProvider.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Get-AzSentinelResourceProvider.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Get-LogAnalyticWorkspace.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Get-LogAnalyticWorkspace.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/Set-AzSentinelResourceProvider.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/Set-AzSentinelResourceProvider.ps1 -------------------------------------------------------------------------------- /AzSentinel/Private/precheck.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Private/precheck.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Add-AzSentinelIncidentComment.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Add-AzSentinelIncidentComment.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Disable-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Disable-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Enable-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Enable-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Export-AzSentinel.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Export-AzSentinel.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelAlertRuleAction.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelAlertRuleAction.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelAlertRuleTemplates.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelAlertRuleTemplates.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelDataConnector.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelDataConnector.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelHuntingRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelHuntingRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Get-AzSentinelIncident.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Get-AzSentinelIncident.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Import-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Import-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Import-AzSentinelDataConnector.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Import-AzSentinelDataConnector.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Import-AzSentinelHuntingRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Import-AzSentinelHuntingRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/New-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/New-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/New-AzSentinelAlertRuleAction.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/New-AzSentinelAlertRuleAction.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/New-AzSentinelHuntingRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/New-AzSentinelHuntingRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Remove-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Remove-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Remove-AzSentinelAlertRuleAction.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Remove-AzSentinelAlertRuleAction.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Remove-AzSentinelHuntingRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Remove-AzSentinelHuntingRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Rename-AzSentinelAlertRule.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Rename-AzSentinelAlertRule.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Set-AzSentinel.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Set-AzSentinel.ps1 -------------------------------------------------------------------------------- /AzSentinel/Public/Update-AzSentinelIncident.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/Public/Update-AzSentinelIncident.ps1 -------------------------------------------------------------------------------- /AzSentinel/docs/Add-AzSentinelIncidentComment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Add-AzSentinelIncidentComment.md -------------------------------------------------------------------------------- /AzSentinel/docs/Disable-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Disable-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Enable-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Enable-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Export-AzSentinel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Export-AzSentinel.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelAlertRuleTemplates.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelAlertRuleTemplates.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelDataConnector.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelDataConnector.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Get-AzSentinelIncident.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Get-AzSentinelIncident.md -------------------------------------------------------------------------------- /AzSentinel/docs/Import-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Import-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Import-AzSentinelDataConnector.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Import-AzSentinelDataConnector.md -------------------------------------------------------------------------------- /AzSentinel/docs/Import-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Import-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/New-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/New-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/New-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/New-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /AzSentinel/docs/New-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/New-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/README.md -------------------------------------------------------------------------------- /AzSentinel/docs/Remove-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Remove-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Remove-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Remove-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /AzSentinel/docs/Remove-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Remove-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Rename-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Rename-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /AzSentinel/docs/Set-AzSentinel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Set-AzSentinel.md -------------------------------------------------------------------------------- /AzSentinel/docs/Update-AzSentinelIncident.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/docs/Update-AzSentinelIncident.md -------------------------------------------------------------------------------- /AzSentinel/enums/CloseReason.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/CloseReason.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/DataSourceName.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/DataSourceName.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/ExportType.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/ExportType.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/GroupByEntities.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/GroupByEntities.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/Kind.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/Kind.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/MatchingMethod.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/MatchingMethod.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/Severity.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/Severity.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/Status.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/Status.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/Tactics.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/Tactics.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/TriggerOperator.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/TriggerOperator.ps1 -------------------------------------------------------------------------------- /AzSentinel/enums/aggregationKind.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/enums/aggregationKind.ps1 -------------------------------------------------------------------------------- /AzSentinel/tests/QA/module.tests.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/tests/QA/module.tests.ps1 -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/classes/AlertRule.tests.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/tests/Unit/classes/AlertRule.tests.ps1 -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Compare-Policy.tests.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/AzSentinel/tests/Unit/private/Compare-Policy.tests.ps1 -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Get-AuthToken.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Get-AzSentinelPlayBook.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Get-AzSentinelResourceProvider.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Get-LogAnalyticWorkspace.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/Set-AzSentinelResourceProvider.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/private/precheck.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Add-AzSentinelIncidentComment.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Disable-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Enable-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Export-AzSentinel.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelAlertRuleAction.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelAlertRuleTemplates.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelDataConnector.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelHuntingRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Get-AzSentinelIncident.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Import-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Import-AzSentinelDataConnector.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Import-AzSentinelHuntingRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/New-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/New-AzSentinelAlertRuleAction.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/New-AzSentinelHuntingRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Remove-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Remove-AzSentinelAlertRuleAction.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Remove-AzSentinelHuntingRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Rename-AzSentinelAlertRule.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Set-AzSentinel.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /AzSentinel/tests/Unit/public/Update-AzSentinelIncident.tests.ps1: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /Deploy.PSDeploy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/Deploy.PSDeploy.ps1 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/LICENSE -------------------------------------------------------------------------------- /PSDepend.build.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/PSDepend.build.psd1 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/README.md -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/_config.yml -------------------------------------------------------------------------------- /docs/Add-AzSentinelIncidentComment.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Add-AzSentinelIncidentComment.md -------------------------------------------------------------------------------- /docs/Disable-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Disable-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Enable-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Enable-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Export-AzSentinel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Export-AzSentinel.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelAlertRuleTemplates.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelAlertRuleTemplates.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelDataConnector.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelDataConnector.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /docs/Get-AzSentinelIncident.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Get-AzSentinelIncident.md -------------------------------------------------------------------------------- /docs/Import-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Import-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Import-AzSentinelDataConnector.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Import-AzSentinelDataConnector.md -------------------------------------------------------------------------------- /docs/Import-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Import-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /docs/New-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/New-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/New-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/New-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /docs/New-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/New-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/README.md -------------------------------------------------------------------------------- /docs/Remove-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Remove-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Remove-AzSentinelAlertRuleAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Remove-AzSentinelAlertRuleAction.md -------------------------------------------------------------------------------- /docs/Remove-AzSentinelHuntingRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Remove-AzSentinelHuntingRule.md -------------------------------------------------------------------------------- /docs/Rename-AzSentinelAlertRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Rename-AzSentinelAlertRule.md -------------------------------------------------------------------------------- /docs/Set-AzSentinel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Set-AzSentinel.md -------------------------------------------------------------------------------- /docs/Update-AzSentinelIncident.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/docs/Update-AzSentinelIncident.md -------------------------------------------------------------------------------- /examples/AlertRules.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/examples/AlertRules.json -------------------------------------------------------------------------------- /examples/AlertRules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/examples/AlertRules.yaml -------------------------------------------------------------------------------- /examples/DataConnectors.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/examples/DataConnectors.json -------------------------------------------------------------------------------- /examples/HuntingRules.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/examples/HuntingRules.json -------------------------------------------------------------------------------- /examples/SuspectApplicationConsent.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wortell/AZSentinel/HEAD/examples/SuspectApplicationConsent.yaml --------------------------------------------------------------------------------