Another blog to help expand Security Knowledge
Introduction Edit: It appears that I forgot to put the actual link to the code. You can get it here If you do not keep up to date with the analytic rules, you may find yourself in the scenario where there are a lot of rules that have updates that can be applied. If you […]
Introduction In my last blog post (Extract Microsoft Sentinel MITRE information to CSV file – Yet Another Security Blog (garybushey.com)) I went over a PowerShell script that will extract the information from the MITRE ATT&CK page in Microsoft Sentinel. In this post I am expanding on that script with two new parameters ShowZeroSimulatedRuleTemplates ShowAllSimulatedRuleTemplates This […]
Introduction Microsoft Sentinel has a great MITRE ATT&CK page that shows you which tactics and techniques are being covered by your rules. It looks like the image below (this is from a new MS Sentinel instance, so I don’t have any rules enabled) It would be great to get this information into a CSV file […]
