Microsoft Sentinel Infrastructure as Code - Automation Framework Overview
Project Overview
If you’ve ever found yourself manually clicking through the Azure portal to deploy resources, you know that what starts as a simple “quick setup” quickly becomes hours of configuration, validation, and hoping you didn’t miss a critical setting. That’s exactly the problem I set out to solve with this Infrastructure as Code automation framework.
This project represents my journey to build a comprehensive solution for deploying and managing Microsoft Sentinel environments using Azure DevOps Pipelines. The goal was simple: make security operations scalable, repeatable and easy to update.
Microsoft Sentinel-as-Code
Version: 1.0.0
Author: Marcus Jacobson
License: MIT
Repository: GitHub
Project Status
- Foundation Infrastructure: COMPLETE
- Analytics Rules (NRT): COMPLETE
- Analytics Rules (Scheduled): COMPLETE
- Watchlist Automation: COMPLETE
- Hunting Queries: Planned
- Automation Rules: Planned
- Workbooks: Planned
- Data Connectors: Available via Content Hub
Project Goal
This project provides a comprehensive automation framework for deploying and managing Microsoft Sentinel environments using Azure DevOps Pipelines. The framework enables organizations to implement security operations at scale with consistency, repeatability, and governance through Infrastructure as Code (IaC) principles.