Azure Sentinel News
How to Deploy a Hunting Query to Azure Sentinel from the GitHub Repository

by Azure Sentinel News Editor
March 3, 2021
in MSSP

The official GitHub repository for Azure Sentinel exists at: https://aka.ms/ASGitHub

Deploying collateral from our GitHub repository to your Azure Sentinel instance is much the same as for other content: it is a copy/paste operation. This guidance is specific to Hunting queries.

P.S. There are automated ways to accomplish this, but knowing the manual steps is also useful for a basic understanding. For an automated way, see Wortell’s PowerShell module (AZSentinel/AzSentinel at master · wortell/AZSentinel on github.com).

How to do it

Locate the Hunting query you want in the GitHub repo and click the “Raw” button on the page to “sanitize” the code. Sanitizing the code ensures there are no hidden characters or bad formatting carried over into the query.

In the Hunting blade in Azure Sentinel, click “New Query.”

(Image: New query)

Using the sanitized code from the GitHub repo, use the following image (click to enlarge it) to match the information in the code to the Hunting query fields, then save the query.

(Image: Copy/paste matched fields)

The items in the code (the KQL file) that I have not highlighted in the image above are useful guidance and information, but they are not used when creating the Hunting query itself.
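The “sanitize” and “match fields” steps above, as an added Python example that is not from the original post or from the Sentinel repository: it flags hidden characters in a raw hunting-query file and maps the repo’s YAML fields (name, description, tactics, relevantTechniques, query) onto the fields of the New query blade. The HIDDEN table, the minimal parser and the sample file are my own constructions and cover only the YAML subset these files use.

```python
import re
import unicodedata

# Characters that survive a copy/paste unseen and break a name or a KQL query.
HIDDEN = {"\ufeff": "BOM", "\u200b": "ZERO WIDTH SPACE", "\xa0": "NBSP",
          "\r": "CR", "\xad": "SOFT HYPHEN", "\t": "TAB"}

def sanitize(text):
    """Return (clean_text, hits); hits lists (line_no, name) per hidden char."""
    out, hits, line = [], [], 1
    for c in text:
        name = HIDDEN.get(c)
        if name is None and c != "\n" and unicodedata.category(c) in ("Cf", "Cc"):
            name = unicodedata.name(c, "U+%04X" % ord(c))   # other controls
        if name:                          # record it, then drop it ...
            hits.append((line, name))
            if c in ("\t", "\xa0"):       # ... but keep KQL tokens apart
                out.append(" ")
        else:
            out.append(c)
        line += c == "\n"
    return "".join(out), hits

# One top-level 'key: value' line plus the indented (or blank) lines under it.
KEY = re.compile(r"^(\w+):[ \t]*(.*)\n?((?:(?: .*)?\n)*)", re.M)
def parse_hunting_yaml(text):
    """Only the YAML subset the repo files use; nested maps are ignored."""
    fields = {}
    for key, val, body in KEY.findall(text):
        if val == "|":                    # block scalar, two-space indent
            fields[key] = "\n".join(l[2:] for l in body.split("\n")).strip("\n")
        elif val == "":                   # flat '- item' list
            fields[key] = re.findall(r"^  - (.*)$", body, re.M)
        else:
            fields[key] = val
    return fields

def to_hunting_query(raw):
    """The blade fields, in the order they are filled in, from a raw repo file."""
    y = parse_hunting_yaml(sanitize(raw)[0])
    return {"Name": y["name"], "Description": y.get("description", ""),
            "Custom query": y["query"], "Tactics": y.get("tactics", []),
            "Techniques": y.get("relevantTechniques", [])}

# Constructed sample in the repo's layout, with a BOM and a zero-width space planted.
SAMPLE = ("\ufeffname: New local account (constructed sample)\n"
          "description: |\n  Accounts created on the host.\n"
          "requiredDataConnectors:\n  - connectorId: SecurityEvents\n    dataTypes:\n      - SecurityEvent\n"
          "tactics:\n  - Persistence\nrelevantTechniques:\n  - T1136\n"
          "query: |\n  SecurityEvent\n  | where EventID == 4720\u200b\n"
          "  | project TimeGenerated, Computer, TargetAccount\n")
```

Run `sanitize(SAMPLE)[1]` to see the two planted characters reported by line, and `to_hunting_query(SAMPLE)` for the field-by-field mapping to paste into the blade.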

Reference: https://azurecloudai.blog/2021/03/03/how-to-deploy-a-hunting-query-to-azure-sentinel-from-the-github-repository/

Copyright © 2020 - Azure Sentinel News