Skip to content
Preeti Krishna edited this page Jun 1, 2021 · 40 revisions

Welcome Threat Hunters!

Join in the Azure Sentinel Community

What is the Azure Sentinel Community?

Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Azure Sentinel provides a platform for different data sources to come together. Different types of contributions like hunting, detection and investigation queries, automated workflows, visualizations, and much more can be built to use one or many of these data sources. These contributions enable relevant security insights for automated hunting, alerting, incident tracking, investigations and response experiences in Azure Sentinel.
Azure Sentinel Community provides a forum for the community members, aka, Threat Hunters, to join in and submit these contributions via GitHub Pull Requests or contribution ideas as GitHub Issues. These contributions can be just based on your idea of the value to enterprise your contribution provides or can be from the GitHub open issues list or even enhancements to existing contributions. Refer to the Get Started section to flow in your submissions and earn points and cool badges!

Threat Hunters Leaderboard

The Threat Hunters leaderboard is to recognize you for all your valuable contributions to this Azure Sentinel GitHub repository! Check out the leaderboard for the current top 20 Threat Hunters.

To move up the ranks, submit contributions in any of our categories or file GitHub issues and your score will update once the Pull Request is approved for contributions!

Badges

In addition to the leaderboard points, we have badges that you can level up to. There are three types of badges: Checkpoint badges, Achiever badges and Exclusive badges.

  • The Checkpoint badges recognize the number of contributions made
  • The Achiever badges are awarded as you progress and explore different contribution areas in Azure Sentinel. The list of Achiever badges is as follows:
    • Baby Threat Hunter - Start by making a few contributions
    • Threat Hunter on a roll - Make multiple contributions in a short time span
    • Bug Hunter - Excel at Hunting query submissions
    • Renaissance coder - Excel at all the contribution areas in Azure Sentinel
    • Teach Yoda - Submit good suggestions on how we can improve Azure Sentinel
    • Soaring in the Cloud - Azure Sentinel data connector master
  • The Exclusive badges come out spontaneously and are available for a limited time - Keep an eye out for special Exclusive badges!

Get Started

You can contribute any of the following to enhance Azure Sentinel end-to-end customer experiences. Mash up multiple Azure Sentinel data sources for enriched experiences.

What can you contribute and how can you create contributions?

The table in this section outlines the following information for each contribution type to get started.

  • Value the specific contribution provides in Azure Sentinel
  • Link to relevant product feature documentation that details the experience the contribution will enable
  • Link to contribution guidance to help get you started on building out your contribution
  • Additional resources to assist you in developing and validating your contributions
Contribution Enables… Get Started Links Additional Resources
Solutions deliver product/domain/industry vertical value Product Documentation
Contribution Guidance
Partner Center
Azure Marketplace
Playbook setting up automated procedures while responding to threats Product Documentation
Contribution Guidance
Create Azure Logic Apps playbooks
Workbook data insights and monitoring with visualizations Product Documentation
Contribution Guidance
Create Azure Monitor Workbooks
Hunting quick start security threat hunting capabilities with queries Product Documentation
Contribution Guidance
Query style guide
Tips ‘n tricks
Kusto Query Language(KQL)
Notebook advanced hunting capabilities using Jupyter / Azure Notebooks Product Documentation
Contribution Guidance
Create Azure Notebooks
Jupyter Notebooks
Jupyter NbViewer
IPython guidance
MSTICPY tools
Analytic Rule Template customized alert generation and automated incident creation with queries Product Documentation Contribution Guidance Query style guide
Tips ‘n tricks
Kusto Query Language(KQL)
Parsers customized parsers for data types Contribution Guidance Query style guide
Tips ‘n tricks
Kusto Query Language(KQL)
Investigation Graph full investigation scope discoverability with queries Product Documentation
Contribution Guidance
Query style guide
Tips ‘n tricks
Kusto Query Language(KQL)
Data Connectors collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds Product Documentation
Contribution Guidance
Common Event Format (CEF) based connections

Test your contribution

Functionally validate whether your contribution works by trying it out in Azure Sentinel. The respective product documentation linked above will provide information on how your contribution can be consumed in Azure Sentinel. Besides this, at the time of submitting your Pull Request, automatic GitHub validations using Azure Pipelines is enabled on this repository for basic syntactical checks of the contributions. Follow the test guidance to add any additional tests needed to validate specific scenarios for your contributions as needed.

Submit your contribution

After you have developed and tested your contribution works as expected, follow the general contribution guidelines for Azure Sentinel to open a Pull Request to submit your contribution. We will review your submission prior to merging your PR within 7 days.

Resources

We value your feedback. Here are some channels to help surface your questions or feedback:

  1. General product specific Q&A – Join in the Azure Sentinel Tech Community conversations
  2. Product specific feature requests – Upvote or post new on Azure Sentinel user voice
  3. Product specific bugs - File an Azure Sentinel support ticket
  4. Report content you'd like to see in this repo or bugs for content in this repo / contribution bugs – File a GitHub Issue using Bug template
  5. General feedback on community, content and contribution process – File a GitHub Issue using Feature Request template

We can connect on these Social Media channels as well: