AZURE-SIEM setup

###🔷 Practice for Blue Team 🔷##

Description

I setup Azure Sentinel (SIEM) and connect it to a live virtual machine acting as a honey pot. We observed live attacks (RDP Brute Force) from all around the world. We will use a custom PowerShell script to look up the attackers Geolocation information pulling the information from https://ipgeolocation.io/(with a dedicated key) and plot it on the Azure Sentinel Map!

Layout Example

Languages and Utilities Used

Microsoft Azure
Microsoft Sentinel
PowerShell

Environments Used

Mac OS & Windows 11
Windows 10 Azure VM (21H2)

Walk-Through:

Set up Virtual machines - Windows 10 PRO Azure

Log to Pull users from Vm

RDP World Map - Login Failurs

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Repository files navigation

AZURE-SIEM setup

Description

Layout Example

Languages and Utilities Used

Environments Used

Walk-Through:

About

Releases

Packages

TheWitchySarz/SIEM-Azure

Folders and files

Latest commit

History

README.md

README.md

Repository files navigation

AZURE-SIEM setup

Description

Layout Example

Languages and Utilities Used

Environments Used

Walk-Through:

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages