README.md

Microsoft Sentinel Resources

This repo has random bits a pieces of collected Sentinel scripts, queries, and knicknacks. Below is a collection of resources that may be helpful in learning about Sentinel.

Microsoft Sentinel

• What is Microsoft Sentinel
• Official Sentinel GitHub (many gems to be found here!)
• Sentinel Ninja Training

KQL Resources

• Kusto Query Language | KQLQuery.com

• marcusbakker/KQL: Kusto Query Language Cheat Sheet

• Pluralsight: KQL from scratch

• Kusto Detective Agency

• Cloud Academy: Introduction to Kusto Query Language

• Rod Trent's trove of KQL resources

  • rodtrent/MustLearnKQL Book
  • Purchase MustLearnKQL Book (Amazon)
  • MustLearnKQL YouTube Channel
  • The KQL Mysteries series by Rod Trent

Analytics, Detection, and Hunting

• reprise99 Collection of KQL queries
• f-bader Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
• ep3p Sentinel KQL (Kusto Query Language) queries and Watchlist schemes.
• rod-trent Azure Sentinel KQL
• cyb3rmik3 KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR
• Bert-JanP Sentinel and Defender Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
• FalconForceTeam/FalconFriday: Hunting queries and detections
• FalconForceTeam/KQLAnalyzer: REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
• wortell/KQL: KQL queries for Advanced Hunting
• Bert-JanP/MDE-DFIR-Resources: A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

Workbooks and PowerBI

• Commonly Used Sentinel Workbooks
• Advanced Workbook Concepts
• Rod Trent's Sentinel Workbooks
• Kevin M1 multiple Sentinel resources
• Official Microsoft Sentinel Repo of Workbooks

Playbooks and Automation

• Bert-JanP/Sentinel-Automation: Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
• Sentinel Triage Assistant

Threat Intelligence

• Bert-JanP/Open-Source-Threat-Intel-Feeds: Open Source freely usable Threat Intel feeds

Notebooks and Machine Learning

• Sentinel Introduction to Jupyter Notebooks
• Creating your first Sentinel Jupyter Notebook

Collecting Logs and Azure Monitor Agent

• MMA to AMA Migration

SOC Optimization

• SOON

Retention

• SOON

Defender XDR

• Defender XDR Ninja Training

General SIEM / Logging Resources

• Syslog message formats

Training Resources

Ninja training

This is a series of videos that cover many security ninja training topics.

• Virtual Ninja Training show

Sentinel Ninja

• Sentinel Ninja
• Sentinel Notebooks Ninja
• Sentinel Automation Ninja

Defender Ninja

• Defender for Endpoint Ninja
• Defender XDR Ninja
• Defender for Office 365 Ninja
• Microsoft Defender for Identity Ninja
• Microsoft Incident Response Ninja
• Microsoft Security Exposure Management Ninja
• Microsoft Defender for Cloud Apps Ninja
• Microsoft Defender Threat Intelligence Ninja
• Microsoft Defender External Attack Surface Management Ninja
• Microsoft Defender for Cloud Ninja
• Microsoft Defender Vulnerability Management Ninja
• Microsoft Security Copilot Ninja
• Microsoft Defender for IoT Ninja

Azure Ninja

• Azure Network Security Ninja

Non-Ninja self-paced training

• Microsoft Partner Security Academy
• Microsoft Learn - Security Operations Analyst training
• Microsoft Learn - Security Engineer training