Azure_Sentinel
02/24/2022
- This will be the first of five projects, taken from Josh Madakor's YouTube channel: https://www.youtube.com/watch?v=P9wz0Sted_I
- This is the video of the actual tutorial that I am following: https://www.youtube.com/watch?v=RoZeVbbZ0o0&list=PLqBeiU46hx1EfJnCI8pw_BTTtRsc4bgcV&index=47
- I will be providing commentary and a walk-through as proof of completing this project.
- It will provide me with experience in the following:
  - Using a custom PowerShell script to extract failed-logon metadata (source IP, username, host) from the Windows Security log in Event Viewer and forward the source IP to a third-party API to derive geolocation data
  - Configuring a Log Analytics Workspace in Azure to ingest a custom log whose lines carry that geographic information (latitude/longitude, state/province, and country)
  - Configuring custom fields in the Log Analytics Workspace so the geo data can be queried and mapped in Azure Sentinel
  - Configuring an Azure Sentinel SIEM workbook to display global attack data (RDP brute force) on a world map according to the physical location and magnitude of the attacks
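The collector script described in the first two points, written here as an added example rather than the script from the tutorial video. It polls the Security log for Event ID 4625 ("An account failed to log on"), skips private and loopback addresses that no geolocation service can resolve, looks the public source IP up over HTTP, and appends one fixed-layout line per event to a custom log file. The API endpoint, key handling, response field names (latitude, longitude, state_prov, country_name) and the output path are all assumptions and must be changed to match whatever geolocation provider and agent configuration you actually use.

```powershell
# Added example (not the page's or the tutorial's own script): turn Windows failed-logon
# events into geolocated custom-log lines that a Log Analytics Workspace can ingest.
# Assumed (not stated on the page): the API URL, the key in $env:GEO_API_KEY,
# the response field names, and the log file path.

$ApiKey  = $env:GEO_API_KEY                                 # assumption: key supplied via environment variable
$ApiBase = 'https://api.example-geolocation.test/ipgeo'     # assumption: placeholder endpoint
$LogFile = 'C:\ProgramData\failed_rdp.log'                  # assumption: path the Log Analytics agent tails

# Private, loopback and link-local addresses are never geolocatable; skip them
# instead of spending API calls on them.
function Test-PublicIPv4 {
    param([string]$Ip)
    $addr = $null
    if (-not [System.Net.IPAddress]::TryParse($Ip, [ref]$addr)) { return $false }
    if ($addr.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $addr.GetAddressBytes()
    if ($b[0] -eq 10 -or $b[0] -eq 127) { return $false }
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $false }
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $false }
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return $false }
    return $true
}

function Get-GeoInfo {
    param([string]$Ip)
    # Assumed response shape; adjust the property names to your provider's JSON.
    $resp = Invoke-RestMethod -Method Get -Uri "$ApiBase?apiKey=$ApiKey&ip=$Ip" -ErrorAction Stop
    [pscustomobject]@{
        Latitude  = $resp.latitude
        Longitude = $resp.longitude
        State     = $resp.state_prov
        Country   = $resp.country_name
    }
}

# Only fetch events newer than the previous poll so each failed logon is logged once.
$lastRun = (Get-Date).AddHours(-1)
while ($true) {
    $now = Get-Date
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $lastRun } `
                           -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # EventData layout of 4625: [5] TargetUserName, [10] LogonType
        # (10 = RemoteInteractive/RDP, 3 = Network), [19] IpAddress.
        $p    = $e.Properties
        $ip   = [string]$p[19].Value
        $user = ([string]$p[5].Value) -replace '[,\r\n]', '_'   # keep attacker-supplied names from breaking the line format
        $type = $p[10].Value
        if (-not (Test-PublicIPv4 $ip)) { continue }
        try   { $geo = Get-GeoInfo -Ip $ip }
        catch { Write-Warning "geo lookup failed for $ip : $_"; continue }
        # Fixed key:value layout so Log Analytics custom fields can be extracted reliably.
        $line = 'latitude:{0},longitude:{1},destinationhost:{2},username:{3},sourcehost:{4},state:{5},country:{6},logontype:{7},timestamp:{8}' -f `
            $geo.Latitude, $geo.Longitude, $env:COMPUTERNAME, $user, $ip, $geo.State, $geo.Country, $type, $e.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')
        Add-Content -Path $LogFile -Value $line
    }
    $lastRun = $now
    Start-Sleep -Seconds 60
}
```

Run it in an elevated PowerShell session, since reading the Security log requires administrator rights. The custom-field extraction in Log Analytics and the workbook's map both depend on every line having the same key order, so keep the layout stable once ingestion has started; the map is driven by the latitude/longitude fields, and the count of lines per sourcehost (or per country) gives the magnitude. Do not hard-code the API key in the script, since the file ends up on an internet-exposed honeypot host.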