Edoardo Gerosa edited this page Feb 8, 2020 · 25 revisions

Welcome to the sentinel-attack wiki

This wiki is designed to walk you through setting up Sentinel-ATT&CK in your Azure environment. It's meant to be a lightweight step-by-step guide.

This wiki can also be used as a basic "training boot-camp" to get to know Azure Sentinel and its features.

Getting started

Setting up Sentinel ATT&CK on Azure is quick and simple; the following steps must be performed:

  1. Quickly spin-up a test lab on Azure Sentinel (Optional)
  2. Deploy Sentinel and onboard Sysmon data
  3. Install the ATT&CK telemetry dashboard on Azure
  4. Upload selected Kusto queries into Sentinel analytics (Optional)
  5. Upload available threat hunting workbooks in Azure (Optional)
  6. Upload available threat hunting Jupyter notebooks in Azure (Optional)