Forum Discussion
SSingh
Jul 16, 2024, Copper Contributor
Import yaml from Github to Sentinel
Does anyone know how to create Sentinel custom alerts for the IOCs from Github repos such as this one?
https://github.com/magicsword-io/LOLDrivers/blob/main/detections/sigma/driver_load_win_mal_drivers.yml
I want to import the YAML rule but would like to keep it up to date with the GitHub changes to the rule.
MSFT themselves have so many queries in their GitHub repo; I was wondering whether there's a best way to import/integrate them into MSFT solutions.
https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries
1 Reply
- Clive_Watson, Bronze Contributor: https://uncoder.io/ will allow you to paste the YAML file and convert it to a Sentinel Rule or Query
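The conversion the reply points to, done locally so it can run on a schedule against the GitHub copy, as an added example (not uncoder.io's code and not the LOLDrivers project's rule): it takes a Sigma rule in the dict form PyYAML's yaml.safe_load() returns, renders the common condition forms into a Sentinel KQL query, and hashes the rule so a sync job can tell when the upstream file changed. The DeviceEvents table, the column mapping and the sample rule are assumptions constructed for the example.

```python
import hashlib, json
# Constructed sample in the dict shape yaml.safe_load() returns for a Sigma
# driver_load rule; the paths and hash are placeholders, not real indicators.
SAMPLE_RULE = {
    "logsource": {"category": "driver_load", "product": "windows"},
    "detection": {
        "selection_name": {"ImageLoaded|endswith": ["\\example1.sys", "\\example2.sys"]},
        "selection_hash": {"sha256": "0000EXAMPLEHASH"},
        "condition": "1 of selection_*",
    },
}
# Assumed target (Defender for Endpoint events in Sentinel); adjust to your source.
TABLE = 'DeviceEvents | where ActionType == "DriverLoad"'
FIELD_MAP = {"ImageLoaded": "FolderPath", "sha256": "SHA256"}
OPERATORS = {"contains": "contains", "startswith": "startswith", "endswith": "endswith", "": "=~"}

def kql_literal(value):
    """Quote a value as a KQL string, escaping backslashes and double quotes."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'

def selection_to_kql(selection):
    """One Sigma selection -> list of KQL clauses; list values become ORs (single modifier only)."""
    clauses = []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        col, op = FIELD_MAP.get(field, field), OPERATORS[modifier]
        alts = [f"{col} {op} {kql_literal(v)}" for v in (values if isinstance(values, list) else [values])]
        clauses.append(alts[0] if len(alts) == 1 else f"({' or '.join(alts)})")
    return clauses

def rule_to_kql(rule):
    """Supports the common conditions 'name', '1 of X*' and 'all of X*'; others raise KeyError."""
    det, cond = rule["detection"], rule["detection"]["condition"].strip()
    if cond.startswith(("1 of ", "all of ")):
        joiner = " or " if cond.startswith("1 of ") else " and "
        prefix = cond.split(" of ", 1)[1].rstrip("*")
        names = [n for n in det if n != "condition" and n.startswith(prefix)]
    else:
        joiner, names = " and ", [cond]
    parts = []
    for name in names:  # fields inside one selection are ANDed
        clauses = selection_to_kql(det[name])
        text = " and ".join(clauses)
        parts.append(f"({text})" if len(names) > 1 and len(clauses) > 1 else text)
    return f"{TABLE}\n| where {joiner.join(parts)}"

def fingerprint(rule):
    """Content hash to persist; a different value on the next sync means redeploy."""
    return hashlib.sha256(json.dumps(rule, sort_keys=True).encode()).hexdigest()
```

Fetching the raw file from GitHub and loading it with yaml.safe_load() is left to the scheduled job, so the example itself runs offline.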