This whitepaper provides a field guide to deploying Azure Sentinel’s Log Analytics and implementing Logic Apps as automation playbooks for security responses that would normally be handled by security analysts. We intend the guide to serve as a set of reference examples, or use cases, for applying ATT&CK-based threat detection, mitigation and investigation.
In developing these three use cases, we used practical scenarios found in a typical Microsoft hybrid-cloud environment. The detection logic and playbooks are built for Azure Sentinel, but the underlying logic can be ported to any commercial SIEM or SOAR solution. In preparing these use cases, we assume you have already deployed and configured Azure Sentinel in your organization’s Azure tenant and connected the relevant log sources. For more information on basic setup and data ingestion, see the Azure Sentinel Quick Start Guide. For further information on data ingestion strategies and incident response, see Azure Sentinel Best Practices.
Download the whitepaper here:
- Azure Sentinel: Use Cases for ATT&CK-based Detection and Mitigations
A field guide for deployment of Azure Sentinel’s Log Analytics and Implementation of Logic Apps as Automation playbooks for response
https://www.dragonadvancetech.com/files/DATCAzureSentinelUseCases.pdf