Update: Log Horizon
Log Horizon 0.5.0 adds self-contained HTML export, deeper transform analysis, stronger hardening, and improved CI-friendly reporting for Microsoft Sentinel.
Read more →
security automation blog
newest posts
Building a practical log baseline
How to classify security logs into primary and secondary data, use Sentinel tiers pragmatically, and keep cost aligned with detection value.
Read more →
Tool Release: Log Horizon
A PowerShell module that connects to your Sentinel workspace and tells you if your logs are earning their keep.
Read more →
Upcoming Microsoft Sentinel features
Diving into some of the recent RSAC announcements
Read more →
Tools and repositories
log-horizon
Microsoft Sentinel SIEM log source analyzer. Classifies tables, scores cost-vs-detection value, and generates recommendations.
PowerShell
14
MicrosoftSentinel-Scripts
Repository for publishing scripts related to Microsoft Sentinel.
PowerShell
8
misp2sentinelone
Proof of concept PowerShell functions for sending TI from MISP to SentinelOne.
PowerShell
7
DarkLighthouse
Simple tool to detect Azure Lighthouse delegations and automate persistence setup.
PowerShell
6
rustymisp2sentinel
Rust tool for sending threat intelligence from MISP to Microsoft Sentinel.
Rust
2
pwshmisp
Module for interacting with a MISP server using PowerShell.
PowerShell
pwshuploadindicatorsapi
PowerShell module for sending indicators of compromise to the Upload Indicators API (Microsoft Sentinel).
PowerShell
MicrosoftSentinel-Templates
Collection of ARM and other templates for Microsoft Sentinel.
JSON