building-cloud-siem-with-sentinel
Community
Automate cloud SIEM with Microsoft Sentinel.
Author: Axxxxxxaaann
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Centralized cloud-native SIEM/SOAR for multi-cloud environments enables security teams to monitor, detect, and respond to threats from a single control plane. This skill codifies deploying Sentinel, configuring data connectors, authoring KQL queries, and automating responses at scale across AWS, Azure, and GCP.
Core Features & Use Cases
- Deploy Microsoft Sentinel as a cloud-native SIEM/SOAR and bring AWS, Azure, and GCP telemetry into one Log Analytics workspace.
- Configure multi-cloud data connectors for AWS CloudTrail, Microsoft Entra ID (formerly Azure AD) sign-in and audit logs, and GCP audit logs.
- Write KQL detection queries as scheduled analytics rules and map each rule to the MITRE ATT&CK tactics and techniques it covers.
- Build automated SOAR playbooks with Logic Apps so incidents trigger enrichment, containment, and notification without analyst hand-offs.
- Enable Sentinel Data Lake for long-term threat hunting across petabytes of telemetry.
- Integrate threat intelligence feeds for indicator enrichment and correlation against ingested logs.
Quick Start
Deploy Microsoft Sentinel, connect AWS, Azure, and GCP data sources, and implement an initial KQL rule and a sample SOAR playbook.
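The KQL-rule step above, worked through end to end as an added example (this is not code shipped with the skill): a detection for CloudTrail logging being stopped or tampered with, mapped to ATT&CK T1562.008 (Impair Defenses: Disable or Modify Cloud Logs), built as a scheduled analytics rule with the azure-mgmt-securityinsight model and run ad hoc with azure-monitor-query. Assumptions: the AWS CloudTrail connector is populating the Sentinel AWSCloudTrail table, the caller holds the Microsoft Sentinel Contributor role on the workspace, and every subscription, resource group, workspace and rule identifier passed to the deploy and hunt functions is a placeholder.

```python
"""Author a KQL detection, map it to MITRE ATT&CK, validate it, and push it to
Microsoft Sentinel as a scheduled analytics rule.

Added example; not part of the skill's own scripts. The SDK imports are kept
inside the two functions that talk to Azure so the query and rule-building
helpers can be exercised offline.
"""
from datetime import timedelta

# Detection: successful API calls that stop or weaken CloudTrail logging.
# ATT&CK T1562.008 (Impair Defenses: Disable or Modify Cloud Logs), tactic
# Defense Evasion. Column names are those of the Sentinel AWSCloudTrail table.
CLOUDTRAIL_TAMPERING_KQL = """
AWSCloudTrail
| where EventSource == "cloudtrail.amazonaws.com"
| where EventName in ("StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors")
| where isempty(ErrorCode)   // only calls that actually succeeded
| project TimeGenerated, EventName, UserIdentityArn, UserIdentityType,
          SourceIpAddress, AwsRegion, RequestParameters
| extend AccountCustomEntity = UserIdentityArn, IPCustomEntity = SourceIpAddress
""".strip()

# Sentinel will not accept a scheduled rule that runs more often than every
# five minutes or whose lookback is shorter than its run interval.
MIN_FREQUENCY = timedelta(minutes=5)


def build_scheduled_rule(query: str, lookback: timedelta = timedelta(hours=1)) -> dict:
    """Return the rule properties as a plain dict (field names match the
    azure-mgmt-securityinsight ScheduledAlertRule model)."""
    return {
        "display_name": "AWS CloudTrail logging stopped or modified",
        "description": "Successful StopLogging/DeleteTrail/UpdateTrail/"
                       "PutEventSelectors call. ATT&CK T1562.008.",
        "severity": "High",
        "enabled": True,
        "query": query,
        "query_frequency": lookback,      # how often the rule runs
        "query_period": lookback,         # how far back each run looks
        "trigger_operator": "GreaterThan",
        "trigger_threshold": 0,           # any matching row raises an alert
        "suppression_duration": timedelta(hours=5),
        "suppression_enabled": False,
        "tactics": ["DefenseEvasion"],    # ATT&CK tactic enum value
        "techniques": ["T1562"],          # parent technique of T1562.008
    }


def validate_rule(props: dict) -> list:
    """Return the scheduling problems the Sentinel API would reject."""
    problems = []
    if props["query_frequency"] < MIN_FREQUENCY:
        problems.append("query_frequency below 5 minutes")
    if props["query_frequency"] > props["query_period"]:
        problems.append("query_frequency exceeds query_period (gaps in coverage)")
    if not props["tactics"] or not props["techniques"]:
        problems.append("rule carries no ATT&CK mapping")
    return problems


def deploy_rule(subscription_id: str, resource_group: str, workspace: str,
                rule_id: str, props: dict):
    """Create or update the rule in the workspace (requires Azure credentials)."""
    from azure.identity import DefaultAzureCredential
    from azure.mgmt.securityinsight import SecurityInsights
    from azure.mgmt.securityinsight.models import ScheduledAlertRule

    problems = validate_rule(props)
    if problems:
        raise ValueError("; ".join(problems))
    client = SecurityInsights(DefaultAzureCredential(), subscription_id)
    return client.alert_rules.create_or_update(
        resource_group, workspace, rule_id, ScheduledAlertRule(**props))


def hunt(workspace_id: str, query: str, days: int = 30) -> list:
    """Run the same KQL ad hoc over a longer window and return rows as dicts."""
    from azure.identity import DefaultAzureCredential
    from azure.monitor.query import LogsQueryClient, LogsQueryStatus

    client = LogsQueryClient(DefaultAzureCredential())
    result = client.query_workspace(workspace_id, query, timespan=timedelta(days=days))
    if result.status != LogsQueryStatus.SUCCESS:
        raise RuntimeError(f"query failed or partial: {result.partial_error}")
    table = result.tables[0]
    return [dict(zip(table.columns, row)) for row in table.rows]


if __name__ == "__main__":
    rule = build_scheduled_rule(CLOUDTRAIL_TAMPERING_KQL)
    print(validate_rule(rule) or "rule passes scheduling checks")
    # deploy_rule("<subscription-id>", "<rg>", "<workspace>", "<rule-guid>", rule)
```

Run the hunt over 30 days before enabling the rule: if the query returns legitimate Terraform or CI principals calling UpdateTrail, add an allow-list on UserIdentityArn to the KQL rather than raising the threshold, so the rule still fires on the first unexpected caller.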
Dependency Matrix
Required Modules
- azure-identity
- azure-monitor-query
- azure-mgmt-securityinsight
Components
- scripts
- references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: building-cloud-siem-with-sentinel Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#building-cloud-siem-with-sentinel Please download this .zip file, extract it, and install it in the .claude/skills/ directory.