Does this skill require KQL knowledge?

While KQL proficiency is helpful, the skill provides ready-to-use query templates for common threats like impossible travel, credential abuse, and ransomware patterns.

Is this skill suitable for large-scale threat hunting?

Yes, it leverages the Sentinel data lake architecture and provides high-performance KQL queries designed for petabyte-scale analysis across long-term log retention.

Does it support the MITRE ATT&CK framework?

Absolutely. All detection rules and workflows provided are designed to be mapped directly to MITRE ATT&CK techniques for comprehensive coverage analysis.

Can this skill help ingest logs from AWS and Google Cloud?

Yes, it includes specific configurations and data connector setups for ingesting AWS CloudTrail and GCP security telemetry into the Sentinel workspace.

How does this skill assist with security automation (SOAR)?

It provides JSON definitions and workflow logic for Azure Logic Apps to automate responses, such as disabling compromised accounts or isolating resources when alerts trigger.

Microsoft Sentinel Cloud SIEM

Name: Microsoft Sentinel Cloud SIEM
Author: micsapp

bymicsapp

0•

セキュリティとテスト

Deploys and manages Microsoft Sentinel as a cloud-native SIEM and SOAR platform for centralized multi-cloud security operations.

This skill provides expert guidance for architecting a modern Security Operations Center (SOC) using Microsoft Sentinel. It automates the deployment of Log Analytics workspaces, configuration of multi-cloud data connectors (AWS, Azure, GCP), and the creation of sophisticated KQL detection rules. By integrating Logic Apps for SOAR automation and leveraging the Sentinel data lake for petabyte-scale threat hunting, it enables security teams to move beyond legacy SIEM limitations and achieve rapid incident response across diverse cloud environments.

主な機能

01Automated incident response playbooks with Azure Logic Apps

02Advanced Kusto Query Language (KQL) detection rule authoring

03Integrated threat intelligence and MITRE ATT&CK mapping

040 GitHub stars

05Large-scale threat hunting patterns for cloud-specific attack vectors

06Multi-cloud log ingestion configuration for AWS, Azure, and GCP

ユースケース

01Establishing a centralized security operations center for multi-cloud environments

02Automating incident response workflows to reduce MTTR for cloud threats

03Migrating from legacy SIEM platforms like Splunk or QRadar to cloud-native architecture

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills building-cloud-siem-with-sentinel

For use in Claude.ai and ChatGPT

主な機能

01Automated incident response playbooks with Azure Logic Apps

02Advanced Kusto Query Language (KQL) detection rule authoring

03Integrated threat intelligence and MITRE ATT&CK mapping

040 GitHub stars

05Large-scale threat hunting patterns for cloud-specific attack vectors

06Multi-cloud log ingestion configuration for AWS, Azure, and GCP

ユースケース

01Establishing a centralized security operations center for multi-cloud environments

02Automating incident response workflows to reduce MTTR for cloud threats

03Migrating from legacy SIEM platforms like Splunk or QRadar to cloud-native architecture

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills building-cloud-siem-with-sentinel

For use in Claude.ai and ChatGPT