Microsoft Sentinel To-Go is an open source project developed to expedite the deployment of a Microsoft Sentinel lab along with other Azure resources for research purposes. It also comes with the option to ingest pre-recorded datasets from the Security Datasets project right at deployment time.
There are a few things that you can do with this project. This project is intended for research purposes, so I highly recommend creating a new resource group in your subscription so that the lab does not interfere with any other system in an existing resource group. Take a look at the different scenarios that you can deploy in the section below.
A few deployments available through Microsoft Sentinel To-Go!
- Microsoft Sentinel To-Go (Part 1): A lab w/ Prerecorded Data 😈 & a Custom Logs Pipe via ARM Templates 🚀
- Microsoft Sentinel To-Go (Part 2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
- Testing the New Version of the Windows Security Events Connector with Microsoft Sentinel To-Go!
- Microsoft Sentinel To-Go! A Linux 🐧 Lab with AUOMS Set Up to Learn About the OMI Vulnerability 💥
- Roberto Rodriguez (@Cyb3rWard0g)