Azure Sentinel Starter Pack

Azure Sentinel Starter Pack is a set of rules that provides detections for the following attacks:

  • Possible Seatbelt or Rubeus or SharpPack Usage Tools from GhostPack (via audit)

  • Add SID History (via audit)

  • Possible LSASS memory access via lsadump or similar tool (via audit)

  • Possible Impacket SecretDump Activity (via audit)

  • Possible DCSync Attack (via audit)

  • Possible AMSI Abuse (via cmdline)

You can import the Azure Sentinel Starter Pack rules into Azure Sentinel through its API using the AzSentinel PowerShell tool: https://github.com/wortell/AZSentinel