Edoardo Gerosa edited this page Feb 8, 2020 · 25 revisions

Welcome to the sentinel-attack wiki

This wiki walks you through setting up Sentinel-ATT&CK in your Azure environment. It is meant to be a lightweight, to-the-point, step-by-step guide.

Getting started

Setting up Sentinel ATT&CK on Azure is quick and simple. The following steps must be performed:

  1. Quickly spin up a test lab on Azure Sentinel (Optional)
  2. Deploy Sentinel and onboard Sysmon data
  3. Install the ATT&CK telemetry dashboard on Azure
  4. Upload selected Kusto queries into Sentinel analytics (Optional)
  5. Upload available threat hunting workbooks in Azure (Optional)
  6. Upload available threat hunting Jupyter notebooks in Azure (Optional)