Merge 2
Attack Scenarios:
1. Brute Force Attack: Simulate dictionary attacks on Azure services and endpoints, and detect them from the resulting bursts of failed sign-ins from a single source.
2. Privilege Escalation: Detect attempts to escalate privileges on endpoints (using Sysmon and LimaCharlie).
3. Suspicious Network Traffic: Zeek detects abnormal DNS and HTTP traffic patterns from its dns.log and http.log.
4. Persistence Mechanisms: Detect registry Run/RunOnce key modifications (Sysmon Event ID 13, RegistryEvent value set) or startup folder changes (Sysmon Event ID 11, FileCreate) using LimaCharlie and Sysmon.
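Added example, not part of the original lab write-up: detection logic for scenarios 1 and 4 run over constructed sample events. The Azure sign-in events and Sysmon events below are invented for illustration and trimmed to the fields the rules need; the field names (EventID, TargetObject, TargetFilename, Image) follow Sysmon's schema, while the sign-in record shape is an assumption. The brute-force rule is a sliding-window count of failures per source IP; the persistence rule matches the same conditions a Sigma rule would express as `TargetObject|contains: '\CurrentVersion\Run\'` and `TargetFilename|contains: '\Start Menu\Programs\Startup\'`.

```python
"""Detection logic for the brute-force and persistence scenarios (example code for the lab).

Event shapes are simplified dictionaries, not raw Splunk/Elastic documents.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Azure sign-in events: six failures from one IP in two minutes,
# then a few scattered events from a second IP (normal user behaviour).
SIGNIN_EVENTS = [
    {"time": "2024-05-01T10:00:00", "user": "alice", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:00:20", "user": "bob", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:00:45", "user": "carol", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:01:10", "user": "dave", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:01:30", "user": "erin", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:02:00", "user": "frank", "ip": "203.0.113.5", "result": "Failure"},
    {"time": "2024-05-01T10:03:00", "user": "alice", "ip": "198.51.100.7", "result": "Failure"},
    {"time": "2024-05-01T10:05:00", "user": "alice", "ip": "198.51.100.7", "result": "Success"},
    {"time": "2024-05-01T10:20:00", "user": "alice", "ip": "198.51.100.7", "result": "Failure"},
]

# Constructed Sysmon events: ID 13 = RegistryEvent (value set), ID 11 = FileCreate.
SYSMON_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\Public\\updater.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": "C:\\Users\\Public\\updater.exe"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\services.exe",
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Spooler\\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\sync.lnk"},
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\Documents\\notes.txt"},
]

# Trailing backslash: a value written directly under Run/RunOnce, not the key itself.
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"


def detect_password_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak failure count} for IPs with >= threshold failed sign-ins in any window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["result"] != "Failure":
            continue
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ev["ip"]] = max(len(q), alerts.get(ev["ip"], 0))
    return alerts


def detect_persistence(events):
    """Return (kind, image, target) for Run-key value sets and Startup-folder file creations."""
    alerts = []
    for ev in events:
        if ev["EventID"] == 13 and any(k in ev["TargetObject"].lower() for k in RUN_KEYS):
            alerts.append(("run_key", ev["Image"], ev["TargetObject"]))
        elif ev["EventID"] == 11 and STARTUP_DIR in ev["TargetFilename"].lower():
            alerts.append(("startup_folder", ev["Image"], ev["TargetFilename"]))
    return alerts


if __name__ == "__main__":
    for ip, count in detect_password_guessing(SIGNIN_EVENTS).items():
        print(f"brute force: {count} failed sign-ins from {ip} within 5 minutes")
    for kind, image, target in detect_persistence(SYSMON_EVENTS):
        print(f"persistence ({kind}): {image} -> {target}")
```

The Services key write and the Documents file create are deliberately included as negatives: a Run-key rule that matches on the bare string "Run" would fire on far more than Run/RunOnce, so the match requires the full `\CurrentVersion\Run\` path fragment, and the lowercase comparison covers the case variations Windows tolerates in registry paths.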
Key Deliverables:
Splunk & Elastic Dashboards: Visualizations of detection results and performance metrics.
Custom Sigma Rules: Tailored detection rules for attacks like brute force or persistence.
Incident Analysis Reports: Detailed analysis of incidents, including alerts triggered and response actions.
LimaCharlie Detection Rules: Proactive detection policies and rules for endpoint monitoring.
This merged environment now includes a complete stack of tools for monitoring, detection,
forensics, vulnerability management, attack simulation, and incident response, providing a
robust setup for advanced threat hunting and cybersecurity operations.