Home
Edoardo Gerosa edited this page May 31, 2020 · 25 revisions
This wiki walks you through setting up Sentinel-ATT&CK in your Azure environment. It is meant to be a lightweight, step-by-step guide.
Setting up Sentinel-ATT&CK on Azure involves the following steps (optional ones are marked as such):
- Quickly spin up a test lab on Azure Sentinel (optional but recommended)
- Deploy Sentinel and onboard Sysmon data
- Install the ATT&CK telemetry dashboard
- Upload selected Kusto queries into Sentinel analytics rules (optional)
- Deploy threat hunting workbooks (optional)
- Deploy Jupyter threat hunting notebooks (optional)
Assuming the steps above are followed and the default Terraform variables are used in the deployment script, running the Sentinel-ATT&CK test lab costs roughly $50 per month, most of it virtual machine and storage charges. Costs can be reduced further by destroying the lab with Terraform every time you finish a session and re-deploying it at the next login.