Import yaml from GitHub to Sentinel
Does anyone know how to create Sentinel custom alerts for the IOCs from Github repos such as this one?
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_mal_drivers.yml
I want to import the yaml rule but would like to keep it up to date with the GitHub changes to the rule.
MSFT themselves have so many queries in their GitHub repo; I was wondering whether there's a best way to import/integrate them into MSFT solutions.
https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries