GitHub Projects

Significant open sourced Git projects of interest referenced in this site include:

Azure REST PowerShell Modules

PowerShell native modules (no compiled modules) for working with Microsoft cloud resources using REST. Azure objects can be retrieved and published to the cloud purely by using Object ID strings, with valid API versions determined dynamically by the modules.

These modules provide unified authentication support for most Microsoft cloud services, including Azure, Graph, Exchange, SharePoint, Teams, etc.

https://github.com/LaurieRhodes/AZRest

Azure Subscription Backup

This project provides a daily Git backup and reporting capability intended for Microsoft Sentinel and its subscription. All subscription objects are preserved as JSON, with customisable reports displaying KQL-related content in YAML. Git history allows teams to have complete visibility of changes in their environment.

YAML backup reports

https://github.com/LaurieRhodes/PUBLIC-Subscription-Backup

AI driven Sentinel Event Writer / Attack Simulator

A project that demonstrates using Model Context Protocol with AI for populating Microsoft Sentinel with realistic attack data. The intended use is for training and testing alert rules against current exploits.

Claude Desktop

https://github.com/LaurieRhodes/PUBLIC-Sentinel-Attack-Simulator

PowerShell Durable Function Example - Defender vulnerability data

This example project demonstrates the use of PowerShell Core durable functions for retrieving Microsoft Defender vulnerability data for Azure Data Explorer.

https://github.com/LaurieRhodes/PUBLIC-Get-Defender-Vulnerabilities

ADX Security Data Warehouse

This project brings together many of the posts from this blog to provide a basic Security Data Warehouse template for ADX. This base template includes ASIM parsers and many of the standard security-related Azure Monitor tables an organisation needs to preserve for historical threat hunting.

https://github.com/LaurieRhodes/PUBLIC-adx-basic

OpenTelemetry Windows DNS Events Collector

A custom Go OpenTelemetry Collector receiver for capturing and transforming Windows DNS Client events into the Microsoft Sentinel ASIM (Advanced Security Information Model) schema. The collector captures DNS events via ETW and exports them to Azure Event Hubs using the Kafka protocol.

https://github.com/LaurieRhodes/asim-dns-collector