Home
Edoardo Gerosa edited this page May 31, 2020
This wiki is designed to walk you through setting up Sentinel-ATT&CK in your Azure environment. It's meant to be a lightweight step-by-step guide.
Setting up Sentinel-ATT&CK on Azure is quick and simple. The following steps are covered, in order; the steps marked optional can be skipped without affecting the others:
- Quickly spin-up a test lab on Azure Sentinel (Optional)
- Deploy Sentinel and onboard Sysmon data
- Install the ATT&CK telemetry dashboard
- Upload selected Kusto queries into Sentinel analytics (Optional)
- Deploy threat hunting workbooks (Optional)
- Deploy Jupyter threat hunting notebooks (Optional)
The monthly cost of running the Sentinel-ATT&CK test lab, assuming the above steps are followed and the default Terraform variables are used in the deployment script, averages around $50 per month. The bulk of that cost comes from the virtual machines and their storage. Costs can be reduced further by destroying the lab whenever you are done with it and redeploying it at the start of the next session, since the Terraform deployment is repeatable.