-
Notifications
You must be signed in to change notification settings - Fork 3k
Home
Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel provides a platform for different data sources to come together. Different types of contributions like hunting, detection and investigation queries, automated workflows, visualizations, and much more can be built to use one or many of these data sources. These contributions enable relevant security insights for automated hunting, alerting, incident tracking, investigations and response experiences in Azure Sentinel.
Azure Sentinel Community provides a forum for the community members, aka, Threat Hunters, to join in and submit these contributions via GitHub Pull Requests or contribution ideas as GitHub Issues. These contributions can be just based on your idea of the value to enterprise your contribution provides or can be from the GitHub open issues list or even enhancements to existing contributions. Refer to the Get Started section to flow in your submissions and earn points and cool badges!
The Threat Hunters leaderboard is to recognize you for all your valuable contributions to this Azure Sentinel GitHub repository! Check out the leaderboard for the current top 20 Threat Hunters.
To move up the ranks, submit contributions in any of our categories or file GitHub issues and your score will update once the Pull Request is approved for contributions!
In addition to the leaderboard points, we have badges that you can level up to. There are three types of badges: Checkpoint badges, Achiever badges and Exclusive badges.
- The Checkpoint badges recognize the number of contributions made
- The Achiever badges are awarded as you progress and explore different contribution areas in Azure Sentinel. The list of Achiever badges is as follows:
- Baby Threat Hunter - Start by making a few contributions
- Threat Hunter on a roll - Make multiple contributions in a short time span
- Bug Hunter - Excel at Hunting query submissions
- Renaissance coder - Excel at all the contribution areas in Azure Sentinel
- Teach Yoda - Submit good suggestions on how we can improve Azure Sentinel
- Soaring in the Cloud - Azure Sentinel data connector master
- The Exclusive badges come out spontaneously and are available for a limited time - Keep an eye out for special Exclusive badges!
You can contribute any of the following to enhance Azure Sentinel end-to-end customer experiences. Mash up multiple Azure Sentinel data sources for enriched experiences.
The table in this section outlines the following information for each contribution type to get started.
- Value the specific contribution provides in Azure Sentinel
- Link to relevant product feature documentation that details the experience the contribution will enable
- Link to contribution guidance to help get you started on building out your contribution
- Additional resources to assist you in developing and validating your contributions
| Contribution | Enables… | Get Started Links | Additional Resources |
|---|---|---|---|
| Playbook | setting up automated procedures while responding to threats |
Product Documentation Contribution Guidance |
Create Azure Logic Apps playbooks |
| Workbook | data insights and monitoring with visualizations |
Product Documentation Contribution Guidance |
Create Azure Monitor Workbooks |
| Hunting | quick start security threat hunting capabilities with queries |
Product Documentation Contribution Guidance |
Query style guide Tips ‘n tricks Kusto Query Language(KQL) |
| Notebook | advanced hunting capabilities using Jupyter / Azure Notebooks |
Product Documentation Contribution Guidance |
Create Azure Notebooks Jupyter Notebooks Jupyter NbViewer IPython guidance MSTICPY tools |
| Analytic Rule Template | customized alert generation and automated incident creation with queries | Product Documentation Contribution Guidance |
Query style guide Tips ‘n tricks Kusto Query Language(KQL) |
| Investigation Graph | full investigation scope discoverability with queries |
Product Documentation Contribution Guidance |
Query style guide Tips ‘n tricks Kusto Query Language(KQL) |
| Data Connectors | collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds |
Product Documentation Contribution Guidance |
Common Event Format (CEF) based connections |
Functionally validate whether your contribution works by trying it out in Azure Sentinel. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, at the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines is enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions as needed.
After you have developed and tested your contribution works as expected, follow the general contribution guidelines for Azure Sentinel to open a Pull Request to submit your contribution. We will review your submission prior to merging your PR within 7 days.
We value your feedback. Here are some channels to help surface your questions or feedback:
- General product specific Q&A – Join in the Azure Sentinel Tech Community conversations
- Product specific feature requests – Upvote or post new on Azure Sentinel user voice
- Product specific bugs - File an Azure Sentinel support ticket
- Report content you'd like to see in this repo or bugs for content in this repo / contribution bugs – File a GitHub Issue using Bug template
- General feedback on community, content and contribution process – File a GitHub Issue using Feature Request template
We can connect on these Social Media channels as well:
- Ingest Custom Logs via REST API