Projects
Welcome to the Hybrid Brothers Projects page! On this page we collect links to the GitHub projects we share with the community. In the GitHub repository you will find the code, projects, and tools we developed and want to share. Every project has its own sub-folder, where you will find all resources related to that project.
We would love to see people contributing to our repository! Make sure to read the README.md file in the root folder of the repository for more information on how to contribute.
Windows Security Event Gap Checker
This script checks which Windows Security Event IDs are used in Microsoft Sentinel analytic rules, and whether those Event IDs are actually being ingested into Microsoft Sentinel. The ingestion check is done by querying the SecurityEvent table for the past X days. This helps identify data mapping gaps (analytic rules that reference Event IDs that are not being collected) which are otherwise hard to spot.
MITRE Analytics and Incidents Mapping
This project contains two scripts for mapping Microsoft Sentinel incidents and analytic rules to the MITRE ATT&CK framework. Both scripts (named map-analytics and map-incidents) are written in PowerShell and can be run in an interactive or a non-interactive mode. The scripts allow you to filter on certain statuses or data connectors, so you have more control over which analytic rules and incidents are mapped.