Disable correlation for Analytic Rules in Microsoft Sentinel
Simple script that automates the job of excluding analytic rules from correlation in Defender XDR.
Read more →
security automation blog
newest posts
Migrating Microsoft Sentinel to Microsoft Defender XDR
An in-depth look at why this change is happening and some things to expect from the migration.
Read more →
Tool Release: DarkLighthouse
DarkLighthouse is a PowerShell module for discovering Azure Lighthouse delegations. Great for security assessments and understanding your multi-tenant attack surface.
Read more →
This can't possibly work - building a detection engineering assistant
My entry for this years Festive Tech Calendar 2025 is a little detection engineering assistant
Read more →
Tools and repositories
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
5
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
3
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON
InstagramUnliker
vibe coded nonsense that allows you to unlike instagram posts in firefox.
JSON
MermaidGen
An attempt at creating mermaid diagrams for markdown as code.
JSON
1
misp2sentinelone
Proof of concept PowerShell-functions for sending TI from MISP to SentinelOne.
JSON
7