Found 57 repositories (showing 30)
briandelmsft
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
Bert-JanP
KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.
reem-sab
The doc-sentinel-ai project is a security-focused tool utilizing AI to perform SAST scans, detect dead code, and intelligently triage vulnerabilities. It provides a modular, local-first framework for automated code analysis, allowing for policy-driven security checks.
briandelmsft
Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)
arome3
Sentinel-Triage is a content moderation system that uses semantic routing to classify user-generated content and route it to the optimal AI model based on intent, risk level, and language.
tresscross
The SOC Entity Triage workbook is designed to enhance the triage process for security operation centers (SOCs) by providing a comprehensive and interactive analysis tool within Azure Sentinel. This workbook aims to streamline the investigation of entities such as IP addresses, hostnames, AD users, and email accounts.
Sentinel-rtc
An open-source repository for scripts and algorithms to assess pedestrian head injuries at the roadside. Part of the SENTINEL project, it supports developing mobile triage tools for emergency services, improving accuracy, speed, and outcomes in brain injury assessments for adult pedestrians (16+).
Policy-driven, explainable SOC incident triage copilot with deterministic safety guardrails, optional GPT/Foundry enrichment, Streamlit dashboard, FastAPI endpoints, and SQLite audit/feedback loop.
Pulkit200189
SOC automation scripts | Phishing analyzer · Incident triage reporter · KQL generator | Built for Microsoft Sentinel & Azure Security environments.
reynoldsc062
Microsoft Security Operations: Sentinel, Defender XDR, incident triage, detection thinking, and KQL hunts used in SOC operations.
Anonymous123-cmd10
A blueprint for an engineered macrophage-based sentinel cell for early threat detection, triage, and structured immune reporting.
riparino
A client-server architecture for an LLM-powered bot that allows for Azure/Azure Sentinel/Defender incident triage and security metrics gathering.
junistaurelien
AI-assisted SecOps triage for Microsoft Sentinel telemetry (simulated). PowerShell automation produces prioritized alerts, CISO-ready executive brief, incident timeline, KQL detections, and IR playbooks.
riparino
Python CLI for automated Microsoft Sentinel incident triage — correlates Azure activity logs, identity signals, and threat intelligence (VirusTotal, GreyNoise, AbuseIPDB) to produce prioritised investigation reports with optional Azure OpenAI analysis.
markhwang
AI-powered SOC triage assistant built on Azure OpenAI. Reduces L1 analyst workload by 75% through intelligent alert summarization, contextual enrichment, and guided investigation workflows. Integrates with Microsoft Sentinel, Splunk, and Defender.
nicolas344
Sentinel is an agentic AI copilot for DevOps incident triage. It analyzes alerts and logs, maintains incident state, and assists on-call engineers with step-by-step reasoning and human-in-the-loop decisions.
MujtabaJunaid
An autonomous DevSecOps multi-agent system that moves CI/CD from passive scanning to active defense. Sentinel-D triages CVEs, verifies live production blast radius via Azure SRE, and writes sandbox-tested PRs before a human ever has to look.
kiranreddi
Sentinel DV is an **open-source Model Context Protocol (MCP) server** that provides large language models and AI agents with **safe, structured, read-only access** to verification artifacts—enabling deterministic triage, root-cause analysis, and verification insight without exposing raw logs or granting control of simulators.
Akiirolabs
Open source AI security agent that triages SIEM alerts, enriches indicators, and orchestrates incident response with human in the loop approvals. It provides pluggable connectors for Splunk, Microsoft Sentinel, CrowdStrike, and XSOAR, uses LLM reasoning with strict guardrails and complete audit logs, and automates evidence gathering, ticket updates
TanujKS
Mail Sentinel is an AI-powered, edge-resident email intake and response system built on Cloudflare Workers. It functions as a fail-safe mail worker that autonomously triages inbound customer inquiries, responds using an LLM, and coordinates real-world actions, such as booking consultations, via MCP tools including Google Calendar
morpheus-csmith
No description available
Priyankabedekar
A case-resolution console where a support agent can load customer activity, get AI-generated insights, and run a multi-agent triage that recommends and executes safe actions, with explainable traces, policy guardrails, and observability.
Anthony-Kwok
Demonstration of SIEM detection design and incident investigation using Microsoft Sentinel, Azure AD, and endpoint telemetry.
TheCyberFairy
A hands-on lab using Microsoft Sentinel to investigate a PowerShell-based security alert, classify it using MITRE ATT&CK, and simulate real-world SOC analyst triage and documentation.
AmmaarIftikhar
Produces a plain-English triage summary including likely attack type, affected assets, recommended response, and severity reasoning.
Popoo2020
Cloud-native SOC automation framework. Connects to Microsoft Sentinel, ingests Tier-1 incidents and uses an LLM API to analyse, enrich and auto-close incidents.
NavajasThomaz
SentinelGenAI: a Python/FastAPI platform for triaging and investigating cybersecurity alerts with a multi-step/multi-tool GenAI agent. Includes governance (HITL), PII minimization and filtering, logging/auditing, SLIs/SLOs, drift detection (data/model), alerting and automatic remediation, and red-team prompts.
xJP15
SOC RAG triage system using Langflow and Microsoft Sentinel
A curated collection of Microsoft Sentinel and Microsoft Defender KQL queries designed to assist security analysts in deep-dive investigations, threat hunting, and incident response.
No description available