building-cloud-siem-with-sentinel

Solid

This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.

DevOps & Infrastructure 38 stars 5 forks Updated yesterday MIT

Quality Score: 89/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 53 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 80 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Building Cloud SIEM with Sentinel

## When to Use

- When establishing a centralized security operations center for multi-cloud environments
- When migrating from legacy SIEM platforms (Splunk, QRadar) to cloud-native architecture
- When building automated incident response workflows for cloud-specific threats
- When performing large-scale threat hunting across petabytes of security telemetry
- When integrating threat intelligence feeds with cloud security log analysis

**Do not use** for AWS-only environments where Security Hub and GuardDuty suffice, for endpoint detection requiring EDR capabilities (use Defender for Endpoint), or for compliance posture monitoring (see building-cloud-security-posture-management).

## Prerequisites

- Azure subscription with Microsoft Sentinel enabled on a Log Analytics workspace
- Data connector permissions for target log sources (AWS CloudTrail, Azure Activity, GCP)
- Logic Apps or Azure Functions for automated response playbooks
- KQL (Kusto Query Language) proficiency for writing detection rules and hunting queries

## Workflow

### Step 1: Provision Sentinel Workspace and Data Connectors

Create a Log Analytics workspace optimized for security data and enable data connectors for multi-cloud ingestion.

```bash
# Create the Log Analytics workspace that Sentinel will be enabled on.
# Backslash line continuations are bash syntax, so this block runs in bash
# (or another POSIX shell), not PowerShell.
az monitor log-analytics workspace create \
  --resource-group security-rg \
  --workspace-name sentinel-workspace \
  --location eastus \
  --retention-time 365 \
  --sku PerGB2018

# Enabl...
```

Details

Author
adriannoes
Repository
adriannoes/awesome-vibe-coding
Created
8 months ago
Last Updated
yesterday
Language
Jupyter Notebook
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

building-cloud-siem-with-sentinel

This skill covers deploying Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized security operations. It details configuring data connectors for multi-cloud log ingestion, writing KQL detection queries, building automated response playbooks with Logic Apps, and leveraging the Sentinel data lake for petabyte-scale threat hunting across AWS, Azure, and GCP security telemetry.

15,448 Updated 1 week ago
mukul975
DevOps & Infrastructure Solid

azure-sentinel

Expert knowledge for Azure Sentinel development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when managing Sentinel connectors, KQL analytics rules, Logic Apps playbooks, UEBA/SAP data, or ASIM schemas, and other Azure Sentinel related development tasks. Not for Azure Defender For Cloud (use azure-defender-for-cloud), Azure Security (use azure-security), Azure Monitor (use azure-monitor), Azure Network Watcher (use azure-network-watcher).

604 Updated 3 days ago
MicrosoftDocs
DevOps & Infrastructure Listed

siem-logging

Configure security information and event management (SIEM) systems for threat detection, log aggregation, and compliance. Use when implementing centralized security logging, writing detection rules, or meeting audit requirements across cloud and on-premise infrastructure.

374 Updated 6 months ago
ancoleman