Azure Sentinel Map with LIVE Cyber Attacks
- Tech Stack: Azure Sentinel, PowerShell, KQL, IP Geolocation, Log Analytics Workspace.
- GitHub URL: Project Link
- Timeline: May 2023 - Aug 2023
- Created a live, geographic map of cyberattacks using Azure Sentinel, providing immediate situational awareness of threats.
- Implemented PowerShell scripts to automate metadata extraction (IP geolocation, reputation), enriching log data and significantly improving the accuracy of Azure Sentinel's threat detection.
- The combined use of Azure Sentinel and custom PowerShell scripts resulted in a substantial decrease in false positive alerts, streamlining security operations.
- Empowered security teams with real-time, enriched data, enabling informed decision-making for incident response, policy adjustments, and proactive threat mitigation.
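To illustrate the enrichment step this entry describes (PowerShell pulling failed logons, geolocating the source IP, and writing rows that Log Analytics ingests for a Sentinel map), here is an added example written for this page; it is not the project's own script. It assumes a Windows host with failed-logon auditing enabled, a hypothetical geolocation API at an assumed URL returning assumed JSON field names, and an assumed log path and custom table name. Event ID 4625 and the `_CL`/`RawData` conventions of Log Analytics custom logs are standard.

```powershell
# Added example (not the project's own script). Assumptions are marked ASSUMED below.
# Reads failed-logon events (Event ID 4625) from the Windows Security log, geolocates each
# public source IP once, and appends one key=value line per event to a custom log file that
# the Log Analytics agent ingests as a custom table.

$GeoApiUrl  = 'https://geo.example.invalid/lookup'   # ASSUMED endpoint; use your provider's URL
$ApiKey     = $env:GEO_API_KEY                       # keep the key out of the script
$OutputFile = 'C:\ProgramData\failed_rdp_geo.log'    # ASSUMED path; the agent watches this file
$Window     = 5                                      # minutes; match the scheduled-task interval
$geoCache   = @{}                                    # one API call per distinct IP per run

function Test-PublicIPv4 {
    param([string]$Ip)
    # Loopback, link-local and RFC 1918 sources cannot be geolocated meaningfully.
    if ($Ip -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $false }
    return -not ($Ip -match '^(127\.|169\.254\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)')
}

function Get-GeoInfo {
    param([string]$Ip)
    if ($geoCache.ContainsKey($Ip)) { return $geoCache[$Ip] }
    $info = [pscustomobject]@{ Country = 'unknown'; City = 'unknown'; Lat = ''; Lon = '' }
    try {
        # Response field names (country_name, city, latitude, longitude) are ASSUMED;
        # adapt them to the provider actually in use. Commas/equals are stripped so the
        # key=value line stays parseable.
        $r = Invoke-RestMethod -Uri "$GeoApiUrl?apiKey=$ApiKey&ip=$Ip" -TimeoutSec 10
        $info = [pscustomobject]@{
            Country = "$($r.country_name)" -replace '[,=]', '_'
            City    = "$($r.city)"         -replace '[,=]', '_'
            Lat     = $r.latitude
            Lon     = $r.longitude
        }
    } catch {
        Write-Warning "Geolocation failed for $Ip : $($_.Exception.Message)"
    }
    $geoCache[$Ip] = $info
    return $info
}

$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Window) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # EventData is a list of <Data Name="...">value</Data> elements; index them by name.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $ip = $data['IpAddress']
    if (-not (Test-PublicIPv4 $ip)) { continue }

    $geo  = Get-GeoInfo $ip
    $user = "$($data['TargetUserName'])" -replace '[,=]', '_'
    $line = 'timestamp={0:o},sourceip={1},user={2},logontype={3},country={4},city={5},latitude={6},longitude={7}' -f `
        $e.TimeCreated.ToUniversalTime(), $ip, $user, $data['LogonType'], $geo.Country, $geo.City, $geo.Lat, $geo.Lon
    Add-Content -Path $OutputFile -Value $line -Encoding UTF8
}

# KQL to parse the ingested rows for a Sentinel workbook map (table name ASSUMED):
#   FAILED_RDP_GEO_CL
#   | extend sourceip  = extract(@"sourceip=([^,]+)", 1, RawData),
#            country   = extract(@"country=([^,]+)", 1, RawData),
#            latitude  = todouble(extract(@"latitude=([^,]+)", 1, RawData)),
#            longitude = todouble(extract(@"longitude=([^,]+)", 1, RawData))
#   | where isnotempty(latitude) and isnotempty(longitude)
#   | summarize attempts = count() by sourceip, country, latitude, longitude
```

Run it as a scheduled task at the same interval as `$Window` so events are neither missed nor written twice. The private-IP filter and the per-run cache keep API quota usage proportional to distinct attackers rather than to attempts; a reputation lookup, as mentioned in the entry, would be a second call of the same shape that adds one more field to the line.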