Skip to content

TheWitchySarz/SIEM-Azure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
README.md
README.md
 
 

Repository files navigation

AZURE-SIEM setup

###🔷 Practice for Blue Team 🔷##

Description

I setup Azure Sentinel (SIEM) and connect it to a live virtual machine acting as a honey pot. We observed live attacks (RDP Brute Force) from all around the world. We will use a custom PowerShell script to look up the attackers Geolocation information pulling the information from https://ipgeolocation.io/(with a dedicated key) and plot it on the Azure Sentinel Map!

Layout Example


Disk Sanitization Steps

Languages and Utilities Used

  • Microsoft Azure
  • Microsoft Sentinel
  • PowerShell

Environments Used

  • Mac OS & Windows 11
  • Windows 10 Azure VM (21H2)

Walk-Through:

Set up Virtual machines - Windows 10 PRO Azure
Disk Sanitization Steps

Log to Pull users from Vm
Disk Sanitization Steps

RDP World Map - Login Failurs
Disk Sanitization Steps

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published