Significant open sourced Git projects of interest referenced in this site include:
Azure REST Powershell Modules
PowerShell native modules (no compiled modules) for working with Microsoft cloud resources using REST. Azure objects can be retrieved and published to the cloud purely by using Object ID strings with valid API versions determined dynamically by the modules.
These modules provide unified authentication support for most Microsoft cloud services including Azure, Graph, Exchange, Sharepoint, Teams tc.
https://github.com/LaurieRhodes/AZRest
Azure Subscription Backup
This project provides a daily git backup and reporting capability intended for Microsoft Sentinel and its subscription. All subscription objects are preserved as JSON with customisable reports displaying KQL related content in YAML. GitHistory allows teams to have complete visibility of changes in their environment.
https://github.com/LaurieRhodes/PUBLIC-Subscription-Backup
AI driven Sentinel Event Writer / Attack Simulator
A project that demonstrates using Model Context Protocol with AI for populating Microsoft Sentinel with realistic attack data. The intended use if is for training and testing Alert rules against current exploits.
https://github.com/LaurieRhodes/PUBLIC-Sentinel-Attack-Simulator
PowerShell Durable Function Example - Defender vulnerability data
This example project demonstrates the use of PowerShell Core durable functions for retrieving Microsoft Defender vulnerability data for Azure data Explorer.
https://github.com/LaurieRhodes/PUBLIC-Get-Defender-Vulnerabilities
ADX Security Data Warehouse
This project brings together many of the posts from this blog to provide a basic Security Data Warehouse template for ADX. This base template includes ASIM parsers and many of the standard Security related Azure Monitor tables an organisation needs to preserve for historical threat hunting.
https://github.com/LaurieRhodes/PUBLIC-adx-basic
OpenTelemetry Windows DNS Events Collector
A custom golang OpenTelemetry Collector receiver for capturing and transforming Windows DNS Client events into Microsoft Sentinel ASIM (Advanced Security Information Model) schema. The collector captures DNS events via ETW and exports them to Azure Event Hubs using the Kafka protocol.