Edoardo Gerosa edited this page Feb 10, 2020 · 25 revisions

Welcome to the sentinel-attack wiki

This wiki is designed to walk you through setting up Sentinel-ATT&CK in your Azure environment. It's meant to be a lightweight step-by-step guide.

This wiki can also be used as a basic "training boot-camp" to get to know Azure Sentinel and its features.

Getting started

Setting up Sentinel ATT&CK on Azure is quick and simple. The following steps must be performed:

  1. Quickly spin-up a test lab on Azure Sentinel (Optional)
  2. Deploy Sentinel and onboard Sysmon data
  3. Install the ATT&CK telemetry dashboard
  4. Upload selected Kusto queries into Sentinel analytics (Optional)
  5. Deploy threat hunting workbooks (Optional)
  6. Deploy Jupyter threat hunting notebooks (Optional)

Costs

The monthly cost of running Sentinel-ATT&CK - assuming the above instructions are followed and that the default Terraform variables are used in the deployment script - averages around $10 per month. The bulk of this cost comes from the virtual machine and storage charges.
