Repositories list

• AS-Enable-Azure-AD-User-From-Entity

  Public
  Enable Azure AD user accounts from Microsoft Sentinel account entities

  entityazure-admicrosoft-sentinel+ 1entra-id

  0•0•0•0•Updated Nov 21, 2024Nov 21, 2024

• Azure-Sentinel

  Public
  Cloud-native SIEM for intelligent security analytics for your entire enterprise.

  Jupyter Notebook

  •

  MIT License

  •3k•3•0•0•Updated Nov 21, 2024Nov 21, 2024

• AS-Disable-Azure-AD-User-From-Entity

  Public
  Disable Azure AD user accounts from Microsoft Sentinel account entities

  entityazure-admicrosoft-sentinel+ 1entra-id

  0•0•0•0•Updated Nov 20, 2024Nov 20, 2024

• AS-Microsoft-DCR-Log-Ingestion

  Public
  Send Microsoft Graph and Microsoft Office logs from one tenant to another using Data Collection Endpoints and Data Collection Rules

  PowerShell

  •0•0•0•0•Updated Nov 20, 2024Nov 20, 2024

• AS-Revoke-Azure-AD-User-Session-From-Incident

  Public
  Revoke Entra ID user sessions from Microsoft Sentinel incidents

  microsoft-sentinelentra-id

  1•5•0•0•Updated May 20, 2024May 20, 2024

• AS-Revoke-Azure-AD-User-Session-From-Entity

  Public
  Revoke Entra ID user sessions from Microsoft Sentinel entities

  microsoft-sentinelentra-id

  0•0•0•0•Updated May 20, 2024May 20, 2024

• AS-IAM-Master-Playbook

  Public
  Run four identity access management playbooks at once from a Microsoft Sentinel incident

  1•1•0•0•Updated May 20, 2024May 20, 2024

• AS-IAM-Entra-ID-Master-Playbook

  Public
  Run two identity access management playbooks at once from a Microsoft Sentinel incident

  1•1•1•0•Updated May 20, 2024May 20, 2024

• AS-Clear-Okta-Network-Zone-List

  Public
  Clear out all but one of the IPs from an Okta Network Zone list

  0•0•0•0•Updated Mar 30, 2024Mar 30, 2024

• AS-Terminate-Okta-User-Session-From-Entity

  Public
  Terminate an Okta user's session from a Microsoft Sentinel Entity

  0•0•0•0•Updated Mar 27, 2024Mar 27, 2024

• AS-MDE-Isolate-Machine

  Public
  0•0•0•0•Updated Feb 21, 2024Feb 21, 2024

• AS-MDE-Unisolate-Machine

  Public
  0•0•0•0•Updated Feb 21, 2024Feb 21, 2024

• AS-Add-Azure-AD-User-Job-Title-to-Incident

  Public
  Look up the Azure AD user accounts associated with the entities from Microsoft Sentinel incidents and add the Azure AD job titles in an Incident comment

  0•0•0•0•Updated Feb 6, 2024Feb 6, 2024

• AS-Block-Hash-in-Defender

  Public
  Block File Hashes found in Microsoft Sentinel Incidents in Defender

  incident-responsesha256-hashmicrosoft-defender+ 1microsoft-sentinel

  0•0•0•0•Updated Feb 6, 2024Feb 6, 2024

• AS-Armis-Integration

  Public
  0•0•0•0•Updated Jan 4, 2024Jan 4, 2024

• AS-Azure-AD-Group

  Public
  Add accounts from Microsoft Sentinel incidents to an Azure AD Group

  0•2•0•0•Updated Dec 6, 2023Dec 6, 2023

• AS-IP-Blocklist-Remove-IPs

  Public
  0•0•0•0•Updated Nov 27, 2023Nov 27, 2023

• Sentinel-Parsers

  Public
  0•0•0•0•Updated Oct 31, 2023Oct 31, 2023

• AS-Update-Okta-Network-Zone-From-Entity

  Public
  Add IPs from Microsoft Sentinel Entities to an Okta Network Zone Blocklist

  0•0•0•0•Updated Oct 3, 2023Oct 3, 2023

• AS-Recurring-Host-Entity

  Public
  Search Microsoft Sentinel Incident hosts in Sentinel SecurityAlert logs for other entities containing the same hosts

  0•0•0•0•Updated Sep 16, 2023Sep 16, 2023

• AS-Sign-Out-Google-User

  Public
  Sign out Google users from Microsoft Sentinel incidents

  google-apimicrosoft-sentinel

  Python

  •0•0•0•0•Updated Sep 16, 2023Sep 16, 2023

• AS-Make-GitHub-Repository-Private

  Public
  Look up the GitHub repositories associated with the Incident Account Entities and make them private

  JavaScript

  •0•2•0•0•Updated Jul 13, 2023Jul 13, 2023

• AS-Block-GitHub-User

  Public
  Block GitHub users from Microsoft Sentinel incidents

  github-apiincident-responsemicrosoft-sentinel

  JavaScript

  •0•0•0•0•Updated Jul 13, 2023Jul 13, 2023

• AS-Delete-App-Registration

  Public
  Delete app registrations from Microsoft Sentinel incidents

  0•0•0•0•Updated Jun 16, 2023Jun 16, 2023

• Zscaler-add-Domains-to-URL-Category

  Public
  Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category

  zscalerurl-categorymicrosoft-sentinel

  0•1•0•0•Updated Jun 9, 2023Jun 9, 2023

• AS-Remove-Domains-from-Zscaler-URL-Category

  Public
  Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category

  zscalerurl-categorymicrosoft-sentinel

  0•0•0•0•Updated Jun 9, 2023Jun 9, 2023

• AS-Blob-Storage-Add-Domains-to-Zscaler-URL-Category

  Public
  Maintain the values of a Zscaler URL category with Azure blob storage

  0•1•0•0•Updated Jun 9, 2023Jun 9, 2023

• AS-Incident-IP-Matched-on-Watchlist

  Public
  Match Sentinel incident IPs with subnet values in a watchlist and add those matches in incident comments

  0•0•0•0•Updated Jun 2, 2023Jun 2, 2023

• AS-Incident-Response-Approval-Email

  Public
  Facilitate incident response by sending an approval email to the manager(s) of the user(s) associated with a Microsoft Sentinel incident

  1•0•0•0•Updated May 24, 2023May 24, 2023

• AS-Add-Machine-Logon-Users-to-Incident

  Public
  Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment

  microsoft-defender-for-endopointmicrosoft-sentinel

  3•7•0•0•Updated May 24, 2023May 24, 2023