
Sentinel2ATTACKv2

Sentinel2ATTACKv2 is a Python script for security teams that use Microsoft Sentinel as their SIEM (Security Information and Event Management) solution. It addresses a practical need: extracting the Tactics, Techniques, and Procedures (TTPs) referenced by Microsoft Sentinel alerts and generating a MITRE ATT&CK navigation layer from them (a layer file loadable in the ATT&CK Navigator). This gives users a view of their detection posture relative to the threat model defined by the MITRE ATT&CK framework.

Key Features

  • TTP Extraction: Automatically extracts TTPs from Microsoft Sentinel alerts, using the tactic and technique information carried in each alert to map it to the corresponding MITRE ATT&CK techniques.
  • MITRE ATT&CK Navigation Layer Generation: Builds a customized MITRE ATT&CK navigation layer from the extracted TTPs, giving an at-a-glance visualization of which techniques the organization's detections cover and which they leave uncovered.
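To make the two features concrete, here is an added example (not code from the Sentinel2ATTACKv2 repository) of the same pipeline in miniature: technique IDs are pulled from alert records, counted per technique, and written out as an ATT&CK Navigator layer. The alert records are constructed and modelled on the `Tactics`/`Techniques` string columns of Sentinel's `SecurityAlert` table; that column layout, the layer version numbers, and the `watchlist` of expected techniques are assumptions for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample alerts (assumption: shaped like rows of Sentinel's SecurityAlert
# table, where Techniques is a JSON-array string and Tactics a comma-separated string).
SAMPLE_ALERTS = [
    {"AlertName": "Suspicious PowerShell", "Tactics": "Execution", "Techniques": '["T1059.001"]'},
    {"AlertName": "Password spray", "Tactics": "CredentialAccess", "Techniques": '["T1110.003"]'},
    {"AlertName": "Suspicious PowerShell", "Tactics": "Execution", "Techniques": '["T1059.001","T1059"]'},
    {"AlertName": "Malformed", "Tactics": "", "Techniques": "not json"},   # bad field
    {"AlertName": "No techniques", "Tactics": "Persistence"},              # field missing
]

# ATT&CK technique or sub-technique ID, e.g. T1059 or T1059.001
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")


def extract_techniques(alerts):
    """Return a Counter mapping technique ID -> number of alerts that reference it.

    Each alert counts at most once per technique, so repeated IDs inside one
    alert do not inflate the score.  Malformed or missing Techniques fields are
    tolerated rather than aborting the run.
    """
    counts = Counter()
    for alert in alerts:
        raw = alert.get("Techniques") or "[]"
        try:
            ids = json.loads(raw)
        except json.JSONDecodeError:
            # Fall back to scanning the raw text for IDs instead of dropping the alert.
            ids = re.findall(r"T\d{4}(?:\.\d{3})?", raw)
        if not isinstance(ids, list):
            continue
        for tid in {str(t).strip() for t in ids}:
            if TECHNIQUE_ID.match(tid):
                counts[tid] += 1
    return counts


def build_layer(counts, name="Sentinel alert coverage"):
    """Build an ATT&CK Navigator layer dict; score = number of alerts per technique.

    Version numbers below are assumptions; adjust them to the Navigator release
    you load the layer into.
    """
    max_score = max(counts.values(), default=0)
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Techniques referenced by Sentinel alerts; score is the alert count.",
        "techniques": [
            {"techniqueID": tid, "score": n, "comment": f"{n} alert(s)"}
            for tid, n in sorted(counts.items())
        ],
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": max_score},
        "layout": {"layout": "side", "showID": True},
    }


def uncovered(counts, watchlist):
    """Techniques the team expects to detect (assumed watchlist) that no alert referenced."""
    return sorted(set(watchlist) - set(counts))


if __name__ == "__main__":
    counts = extract_techniques(SAMPLE_ALERTS)
    layer = build_layer(counts)
    with open("sentinel_layer.json", "w") as fh:
        json.dump(layer, fh, indent=2)
    # Assumed watchlist of techniques the SOC wants coverage for.
    print("Uncovered:", uncovered(counts, ["T1059.001", "T1110.003", "T1566.001"]))
```

The resulting `sentinel_layer.json` can be opened in the ATT&CK Navigator via "Open Existing Layer"; the score gradient highlights the techniques with the most alerts, and `uncovered` lists the watchlist techniques that no alert touched, which is the detection-gap view the Use Cases section refers to.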

Use Cases

SentinelTTPMapper is an essential tool for:

  • Security Analysts seeking to enhance their understanding of the threats their organization faces and how well they are detected by their current Sentinel rules.
  • Threat Intelligence Teams looking to map real-time alert data against established TTPs for better threat hunting and reporting.
  • Security Operations Centers (SOCs) aiming to improve their defensive measures by identifying gaps in their detection capabilities.

GitHub repo: https://github.com/chihebchebbi/Sentinel2ATTACKv2/tree/main