https://github.com/eshlomo1/azure-ad-incident-response

Azure AD Incident Response

azure azure-ad azure-hacktive-directory azuread cloud-security incident-response

Last synced: 2 months ago

# Azure AD Incident Response (AAD-IR)

#### Azure AD Incident Response life cycle and phases including tools, articles, tips, and useful information
Note: the information will be updated continuously

***The information in this repo is part of Azure Hacktive Directory content***

![Azure AD Incident Response Life Cycle](https://github.com/eshlomo1/Azure-AD-Incident-Response/blob/main/Diagram/AAD-IR-Life-Cycle-Security-Control.png)

### Articles

* [Azure AD Incident Response Life-Cycle and Process](https://www.eshlomo.us/?p=12500&preview=true)
* Azure AD Incident Response - Built-in Investigation Tools
* Azure AD Incident Response - PowerShell Investigation Tools
* Azure AD Incident Response - M5 Investigation Tools
* Azure AD Incident Response - Attack & Defense Scenarios

### Tools

* [Sparrow](https://github.com/cisagov/Sparrow)
* [AzureHound](https://github.com/BloodHoundAD/AzureHound)
* [Hawk](https://github.com/T0pCyber/hawk)
* [CRT](https://github.com/CrowdStrike/CRT)
* [AzureADIncidentResponse](https://www.powershellgallery.com/packages/AzureADIncidentResponse/4.2)
* [Go365 - user enum and password guessing](https://github.com/optiv/Go365)

### Azure Sentinel 4 Azure AD IR

[Azure AD Incident Response Queries](https://github.com/eshlomo1/Azure-Sentinel-4-SecOps/tree/master/AAD-IR)