Edoardo Gerosa edited this page Feb 8, 2020 · 25 revisions

Welcome to the sentinel-attack wiki

This wiki is designed to walk you through setting up Sentinel-ATT&CK in your Azure environment. It's meant to be a lightweight step-by-step guide.

This wiki can also be used as a basic "training boot-camp" to get to know Azure Sentinel and its features.

Getting started

Setting up Sentinel ATT&CK on Azure is quick and simple. The following steps must be performed (steps marked optional can be skipped):

  1. Spin up a test lab on Azure Sentinel (Optional)
  2. Deploy Sentinel and onboard Sysmon data
  3. Install the ATT&CK telemetry dashboard
  4. Upload selected Kusto queries into Sentinel analytics (Optional)
  5. Deploy threat hunting workbooks (Optional)
  6. Deploy Jupyter threat hunting notebooks (Optional)
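Before moving from step 2 to step 3, confirm that Sysmon events are actually reaching the workspace; an empty ATT&CK dashboard is almost always a collection problem rather than a dashboard problem. The Kusto query below is an added example, not part of this wiki or the Sentinel-ATT&CK project. It assumes the Sysmon "Microsoft-Windows-Sysmon/Operational" channel is collected through the Log Analytics agent as a Windows event log, so events land in the `Event` table with `Source` set to `Microsoft-Windows-Sysmon`; the one-hour window is an arbitrary choice for the check.

```kql
// Added example (not from the sentinel-attack wiki): verify Sysmon telemetry is being ingested.
// Assumption: Sysmon's Operational log is onboarded via the Log Analytics agent, so events
// appear in the Event table with Source == "Microsoft-Windows-Sysmon".
Event
| where TimeGenerated > ago(1h)
| where Source == "Microsoft-Windows-Sysmon"
| summarize
    Events    = count(),                // volume per Sysmon event type (1 = process create, 3 = network, ...)
    Hosts     = dcount(Computer),       // how many endpoints are reporting this event type
    FirstSeen = min(TimeGenerated),
    LastSeen  = max(TimeGenerated)
    by EventID
| sort by EventID asc
```

Run it in the Logs blade of the workspace Sentinel is attached to. No rows means the Sysmon channel is not in the workspace's Windows event log data sources or the agent is not sending; rows for only a handful of event IDs usually point to a Sysmon configuration that filters out the rest, which will show up as blank tiles in the ATT&CK telemetry dashboard installed in step 3.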