Tool Release: Log Horizon
A PowerShell module that connects to your Sentinel workspace and tells you if your logs are earning their keep.
Read more →
security automation blog
newest posts
Upcoming Microsoft Sentinel features
Diving into some of the recent RSAC announcements
Read more →
Privileged Access 101 in Entra ID
My potentially 'realistic-ish' take on privileged access in Entra ID, Azure and Microsoft 365. Not perfect, not nothing, maybe just good enough to actually work.
Read more →
Defender XDR - Custom Detection Rules PowerShell Module
A simple PowerShell module for managing custom detection rules via the Graph API, with SPN support
Read more →
Tools and repositories
log-horizon
Microsoft Sentinel SIEM log source analyzer. Classifies tables, scores cost-vs-detection value, and generates recommendations.
PowerShell
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
6
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
7
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON
InstagramUnliker
vibe coded nonsense that allows you to unlike instagram posts in firefox.
JSON
MermaidGen
An attempt at creating mermaid diagrams for markdown as code.
JSON
1
misp2sentinelone
Proof of concept PowerShell-functions for sending TI from MISP to SentinelOne.
JSON
7
rustymisp2sentinel
Rust tool for sending threat intelligence from MISP to Microsoft Sentinel.
Rust
2