azu-sentinel-automation
Examples for automating Azure Sentinel deployment and configuration.
/terraform
- Deploy Log Analytics Workspace.
- Deploy Sentinel.
- Configure RBAC for built-in Sentinel roles.
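The three steps above, put together as one Terraform configuration. This is an added example for this README, not the repository's own code: resource names, the region, the provider version and the input variable are assumptions, and the role names are the current built-in ones ("Microsoft Sentinel Reader/Responder/Contributor", which were called "Azure Sentinel ..." before the 2021 rename).

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0" # assumption: azurerm 3.x
    }
  }
}

provider "azurerm" {
  features {}
}

# Assumed input: who gets which built-in Sentinel role on the workspace.
# Keys are free-form labels; principal_id is the Entra ID (Azure AD) object ID
# of a user, group or service principal, e.g.
#   sentinel_role_assignments = {
#     soc_analysts = { role = "Microsoft Sentinel Responder", principal_id = "<group object id>" }
#   }
variable "sentinel_role_assignments" {
  type = map(object({
    role         = string
    principal_id = string
  }))
  default = {}

  # Least privilege: only the three built-in Sentinel roles can be handed out
  # through this variable; anything broader (Contributor, Owner) fails at plan time.
  validation {
    condition = alltrue([
      for a in var.sentinel_role_assignments : contains([
        "Microsoft Sentinel Reader",
        "Microsoft Sentinel Responder",
        "Microsoft Sentinel Contributor",
      ], a.role)
    ])
    error_message = "role must be one of the built-in Microsoft Sentinel roles (Reader, Responder, Contributor)."
  }
}

resource "azurerm_resource_group" "sentinel" {
  name     = "rg-sentinel" # assumed name
  location = "westeurope"  # assumed region
}

# Step 1: the Log Analytics workspace that will hold the Sentinel data.
resource "azurerm_log_analytics_workspace" "sentinel" {
  name                = "law-sentinel" # assumed name
  location            = azurerm_resource_group.sentinel.location
  resource_group_name = azurerm_resource_group.sentinel.name
  sku                 = "PerGB2018"
  retention_in_days   = 90 # Sentinel-enabled workspaces include 90 days of retention at no extra charge
}

# Step 2: onboarding Sentinel is enabling the SecurityInsights solution on the workspace.
resource "azurerm_log_analytics_solution" "sentinel" {
  solution_name         = "SecurityInsights"
  location              = azurerm_resource_group.sentinel.location
  resource_group_name   = azurerm_resource_group.sentinel.name
  workspace_resource_id = azurerm_log_analytics_workspace.sentinel.id
  workspace_name        = azurerm_log_analytics_workspace.sentinel.name

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/SecurityInsights"
  }
}

# Step 3: RBAC scoped to the workspace itself, not the subscription or resource
# group, so a Sentinel role grants nothing outside the workspace it is meant for.
resource "azurerm_role_assignment" "sentinel" {
  for_each             = var.sentinel_role_assignments
  scope                = azurerm_log_analytics_workspace.sentinel.id
  role_definition_name = each.value.role
  principal_id         = each.value.principal_id

  depends_on = [azurerm_log_analytics_solution.sentinel]
}

output "workspace_id" {
  value = azurerm_log_analytics_workspace.sentinel.id
}
```

Newer azurerm releases also offer `azurerm_sentinel_log_analytics_workspace_onboarding` as an alternative to the solution resource for step 2. Whichever is used, the identity running `terraform apply` needs rights to create role assignments at the workspace scope (Owner or User Access Administrator there), which is a reason to run it from a dedicated deployment identity rather than a personal account.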
/alertrules (coming up later)
- There are plenty of public-domain Alert Rules and Hunting Queries for incident response and hunting, so the plan here is mainly to write "self-monitoring" rules: rules that detect threats to the confidentiality, integrity and availability of Sentinel itself and of the log data it depends on.
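One example of the kind of self-monitoring rule described above, as an added illustration that is not part of this repository yet: a scheduled analytics rule that fires when someone deletes or reconfigures the workspace (availability), removes a data source (integrity of the log feed), or grants a role at workspace scope (confidentiality). It assumes a configured azurerm provider, a workspace that is already onboarded to Sentinel, and the Azure Activity data connector feeding the `AzureActivity` table; the rule name is an assumption.

```hcl
variable "log_analytics_workspace_id" {
  description = "Resource ID of the Sentinel-enabled workspace (assumed to exist; the /terraform deployment would output it)."
  type        = string
}

# Self-monitoring: administrative operations that weaken the workspace Sentinel
# runs on. Control-plane activity is read from the AzureActivity table, so this
# rule only works once the Azure Activity connector is enabled.
resource "azurerm_sentinel_alert_rule_scheduled" "workspace_tamper" {
  name                       = "self-monitor-workspace-tamper" # assumed name
  log_analytics_workspace_id = var.log_analytics_workspace_id
  display_name               = "Sentinel self-monitoring: workspace or workspace RBAC modified"
  description                = "The Log Analytics workspace hosting Sentinel was deleted or reconfigured, a data source was removed, or a role assignment was created at workspace scope."
  severity                   = "High"
  enabled                    = true
  tactics                    = ["DefenseEvasion", "Impact"]

  # Look back over exactly the interval between runs so each event is evaluated once.
  query_frequency     = "PT1H"
  query_period        = "PT1H"
  trigger_operator    = "GreaterThan"
  trigger_threshold   = 0
  suppression_enabled = false

  query = <<-KQL
    AzureActivity
    | where CategoryValue == "Administrative"
    | where ActivityStatusValue in~ ("Success", "Succeeded")
    | where OperationNameValue in~ (
        "MICROSOFT.OPERATIONALINSIGHTS/WORKSPACES/DELETE",
        "MICROSOFT.OPERATIONALINSIGHTS/WORKSPACES/WRITE",
        "MICROSOFT.OPERATIONALINSIGHTS/WORKSPACES/DATASOURCES/DELETE",
        "MICROSOFT.AUTHORIZATION/ROLEASSIGNMENTS/WRITE")
    // Keep only resources that live under a Log Analytics workspace; a role
    // assignment's resource ID starts with the scope it was granted at, so
    // workspace-scoped grants match while subscription-wide ones do not.
    | where tolower(_ResourceId) contains "/providers/microsoft.operationalinsights/workspaces/"
    | project TimeGenerated, Caller, CallerIpAddress, OperationNameValue, ActivityStatusValue, _ResourceId
  KQL
}
```

`WORKSPACES/WRITE` also covers legitimate changes (a tag update, or the Terraform apply that created the workspace), so in practice the query gets an extra `| where Caller != "<deployment identity>"` filter or a watchlist of approved callers; the point of a self-monitoring rule is that every remaining hit is someone touching the SIEM's own foundation and deserves a look.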
Disclaimers:
- This is a personal collection. If you decide to use any of this, please review it well.
- Everything is built and tested on my personal Azure tenant, using only things available in Azure Cloud Shell.