Microsoft Sentinel Starter Pack is a set of rules that provide detections for the attacks:

• Possible Seatbelt or Rubeus or SharpPack Usage Tools from GhostPack (via audit)

• Add SID History (via audit)

• Possible LSASS memory access via lsadump or similar tool (via audit)

• Possible Impacket SecretDump Activity (via audit)

• Possible DCSync Attack (via audit)

• Possible AMSI Abuse (via cmdline)

You can import Microsoft Sentinel Starter Pack rules to Microsoft Sentinel API using powershell tool https://github.com/wortell/AZSentinel