What query language does this skill use for threat detection?

It primarily uses KQL (Kusto Query Language), which is the native query language for Microsoft Sentinel and Azure Monitor Log Analytics.

Does this skill support multi-cloud environments?

Yes, it includes configurations for ingesting logs from AWS CloudTrail and Google Cloud Platform (GCP) alongside native Azure services.

Can I automate incident response with this skill?

Absolutely. It includes patterns for building SOAR playbooks using Azure Logic Apps to automate actions like disabling compromised accounts or blocking malicious IPs.

Is this skill suitable for small environments?

While it can be used for small setups, it is specifically optimized for petabyte-scale security operations and complex multi-cloud architectures.

Does it map to standardized security frameworks?

Yes, the detection rules and workflows are mapped to industry-standard frameworks including MITRE ATT&CK, NIST CSF 2.0, and the NIST AI RMF.

Cloud SIEM with Microsoft Sentinel

Name: Cloud SIEM with Microsoft Sentinel
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Deploys and configures Microsoft Sentinel as a cloud-native SIEM/SOAR platform for centralized multi-cloud security operations.

This skill provides a comprehensive framework for implementing Microsoft Sentinel to centralize security operations across AWS, Azure, and GCP. It guides users through provisioning Log Analytics workspaces, establishing multi-cloud data connectors, and writing advanced KQL (Kusto Query Language) detection rules for threats like impossible travel or credential abuse. Beyond detection, it facilitates security orchestration, automation, and response (SOAR) by integrating Azure Logic Apps to automate incident remediation, while leveraging the Sentinel data lake for large-scale, long-term threat hunting and forensic analysis.

Key Features

01Native integration with Microsoft Threat Intelligence feeds

02Advanced KQL detection query library for cloud-specific threats

034,121 GitHub stars

04Long-term threat hunting and data lake configuration

05Multi-cloud log ingestion for AWS, Azure, and GCP

06Automated SOAR playbook integration using Azure Logic Apps

Use Cases

01Migrating from legacy on-premise SIEMs to a cloud-native architecture

02Automating incident response workflows to reduce Mean Time to Remediate (MTTR)

03Centralizing security monitoring across heterogeneous cloud environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-cloud-siem-with-sentinel

For use in Claude.ai and ChatGPT

Key Features

01Native integration with Microsoft Threat Intelligence feeds

02Advanced KQL detection query library for cloud-specific threats

034,121 GitHub stars

04Long-term threat hunting and data lake configuration

05Multi-cloud log ingestion for AWS, Azure, and GCP

06Automated SOAR playbook integration using Azure Logic Apps

Use Cases

01Migrating from legacy on-premise SIEMs to a cloud-native architecture

02Automating incident response workflows to reduce Mean Time to Remediate (MTTR)

03Centralizing security monitoring across heterogeneous cloud environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills building-cloud-siem-with-sentinel

For use in Claude.ai and ChatGPT