GitHub Projects

Significant open-source GitHub projects referenced on this site include:

Azure REST Powershell Modules

Native PowerShell modules (no compiled code) for working with Microsoft cloud resources over REST. Azure objects can be retrieved from and published to the cloud purely by resource ID string; the modules determine a valid API version for each resource type dynamically rather than requiring the caller to supply one.

These modules provide unified authentication for most Microsoft cloud services, including Azure, Microsoft Graph, Exchange, SharePoint and Teams.

https://github.com/LaurieRhodes/AZRest
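The idea of resolving the API version from nothing but the resource ID string, as an added example that is not AZRest code. The provider manifest is constructed sample data shaped like the response of GET https://management.azure.com/providers/{namespace}?api-version=2021-04-01, so the script runs offline; against a live tenant you would fetch that manifest with Invoke-RestMethod and a bearer token. All function names and the sample resource ID are assumptions for illustration.

```powershell
# Added example (not AZRest code): resolve an Azure REST API version from a
# resource ID string alone, then build the management URI for it.

function Get-ResourceTypeFromId {
    param([Parameter(Mandatory)][string]$ResourceId)
    # /subscriptions/{sub}/resourceGroups/{rg}/providers/{ns}/{type}/{name}[/{childType}/{childName}...]
    $parts = $ResourceId.Trim('/') -split '/'
    # The first 'providers' segment is used; extension resources with a second
    # 'providers' segment are out of scope for this example
    $idx = [array]::IndexOf($parts, 'providers')
    if ($idx -lt 0 -or ($parts.Length - $idx) -lt 3) {
        throw "Not a provider resource ID: $ResourceId"
    }
    $namespace = $parts[$idx + 1]
    # After the namespace, segments alternate type/name; collecting the type
    # segments resolves nested resources to e.g. workspaces/tables
    $typeSegments = @()
    for ($i = $idx + 2; $i -lt $parts.Length; $i += 2) { $typeSegments += $parts[$i] }
    [pscustomobject]@{ Namespace = $namespace; ResourceType = ($typeSegments -join '/') }
}

function Resolve-ApiVersion {
    param(
        [Parameter(Mandatory)][string]$ResourceId,
        [Parameter(Mandatory)]$ProviderManifest,   # object from the providers endpoint
        [switch]$AllowPreview
    )
    $rt = Get-ResourceTypeFromId -ResourceId $ResourceId
    $match = $ProviderManifest.resourceTypes | Where-Object { $_.resourceType -eq $rt.ResourceType }
    if (-not $match) { throw "Provider $($rt.Namespace) does not publish type $($rt.ResourceType)" }
    $versions = $match.apiVersions
    if (-not $AllowPreview) { $versions = $versions | Where-Object { $_ -notmatch 'preview' } }
    # API versions are date-stamped (yyyy-MM-dd), so a descending string sort yields the newest
    $chosen = $versions | Sort-Object -Descending | Select-Object -First 1
    if (-not $chosen) { throw "No usable API version for $($rt.ResourceType)" }
    return $chosen
}

function New-AzRestUri {
    param(
        [Parameter(Mandatory)][string]$ResourceId,
        [Parameter(Mandatory)]$ProviderManifest
    )
    $ver = Resolve-ApiVersion -ResourceId $ResourceId -ProviderManifest $ProviderManifest
    return "https://management.azure.com$ResourceId?api-version=$ver"
}

# Constructed sample manifest (not a real provider response)
$sampleManifest = @'
{
  "namespace": "Microsoft.OperationalInsights",
  "resourceTypes": [
    { "resourceType": "workspaces",
      "apiVersions": ["2023-09-01", "2022-10-01", "2021-12-01-preview"] },
    { "resourceType": "workspaces/tables",
      "apiVersions": ["2022-10-01", "2021-12-01-preview"] }
  ]
}
'@ | ConvertFrom-Json

# Constructed sample resource ID (subscription GUID is a placeholder)
$id = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sentinel' +
      '/providers/Microsoft.OperationalInsights/workspaces/law-prod/tables/SecurityEvent'

New-AzRestUri -ResourceId $id -ProviderManifest $sampleManifest
```

Preview versions are excluded by default because a preview API can change shape or disappear between runs, which matters when the same modules are used to publish objects back to the cloud; pass -AllowPreview only when a resource type has no GA version.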

Azure Subscription Backup

This project provides a daily Git backup and reporting capability for Microsoft Sentinel and the subscription that hosts it. All subscription objects are preserved as JSON, with customisable reports rendering KQL-related content in YAML. Git history gives teams complete visibility of changes in their environment.

(Screenshot: YAML backup reports)

https://github.com/LaurieRhodes/PUBLIC-Subscription-Backup


AI driven Sentinel Event Writer / Attack Simulator

A project demonstrating the use of the Model Context Protocol (MCP) with an AI assistant to populate Microsoft Sentinel with realistic attack data. It is intended for training and for testing alert rules against current exploits.

(Screenshot: Claude Desktop)

https://github.com/LaurieRhodes/PUBLIC-Sentinel-Attack-Simulator


PowerShell Durable Function Example - Defender vulnerability data

This example project demonstrates the use of PowerShell (PowerShell Core) durable functions in Azure Functions for retrieving Microsoft Defender vulnerability data for ingestion into Azure Data Explorer.

https://github.com/LaurieRhodes/PUBLIC-Get-Defender-Vulnerabilities

ADX Security Data Warehouse

This project brings together many of the posts from this blog to provide a basic Security Data Warehouse template for ADX. The base template includes ASIM parsers and many of the standard security-related Azure Monitor tables an organisation needs to preserve for historical threat hunting.

https://github.com/LaurieRhodes/PUBLIC-adx-basic

OpenTelemetry Windows DNS Events Collector

A custom OpenTelemetry Collector receiver, written in Go, for capturing Windows DNS Client events and transforming them into the Microsoft Sentinel ASIM (Advanced Security Information Model) DNS schema. The collector captures DNS events via ETW and exports them to Azure Event Hubs using the Kafka protocol.


https://github.com/LaurieRhodes/asim-dns-collector

Golang MCP Client 

An enterprise-grade command-line interface for the Model Context Protocol (MCP), written in Go. This tool enables seamless interaction between Large Language Models (LLMs) and external tools/data sources through standardized server connections, with advanced workflow automation capabilities for complex multi-step AI tasks.

https://github.com/LaurieRhodes/mcp-cli-go

Golang MCP Graph Security Alert and Incident Management 

A Model Context Protocol (MCP) server implementation for Microsoft Graph Security APIs, providing intelligent field selection and token optimisation for AI assistant interactions.

https://github.com/LaurieRhodes/MCP-GraphSecurityIncidents

PowerShell / Kusto Schema Tools

These PowerShell scripts are used for:

  • Exporting Sentinel and Log Analytics table schemas to Azure Data Explorer (ADX) and Eventhouse KQL scripts
  • Automating Data Collection Rule creation to write data to Log Analytics / Sentinel tables
  • Extending Log Analytics Workspaces with new Custom Log (CL) tables
  • Discovering writeable tables in Log Analytics / Sentinel

https://github.com/LaurieRhodes/Powershell-Kusto-Schema-Tools
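The first of those tasks, exporting a Log Analytics table schema as an ADX table-creation script, as an added example that is not code from the Powershell-Kusto-Schema-Tools repository. The schema object is constructed to resemble the properties.schema block returned by the Log Analytics tables API (GET .../workspaces/{ws}/tables/{table}?api-version=2022-10-01) so the script runs offline; the function name, the folder parameter and the sample table contents are assumptions.

```powershell
# Added example (not from Powershell-Kusto-Schema-Tools): render a Log Analytics
# table schema as a Kusto .create-merge table command for ADX / Eventhouse.

# Log Analytics column types and their Kusto counterparts
$typeMap = @{
    'string'   = 'string'
    'int'      = 'int'
    'long'     = 'long'
    'real'     = 'real'
    'boolean'  = 'bool'
    'datetime' = 'datetime'
    'dynamic'  = 'dynamic'
    'guid'     = 'guid'
}

function ConvertTo-KustoCreateTable {
    param(
        [Parameter(Mandatory)]$TableSchema,   # object with .name and .standardColumns and/or .columns
        [string]$Folder = 'Sentinel'          # assumed folder name for the ADX table
    )
    # Built-in tables expose standardColumns, custom tables expose columns, and
    # some tables carry both; gather whichever are present without assuming either exists
    $columns = @()
    foreach ($prop in 'standardColumns', 'columns') {
        $p = $TableSchema.PSObject.Properties[$prop]
        if ($p -and $p.Value) { $columns += @($p.Value) }
    }
    if (-not $columns) { throw "Table $($TableSchema.name) has no columns" }

    $defs = foreach ($c in $columns) {
        # The API reports types with mixed case (e.g. dateTime), so normalise before lookup
        $kustoType = $typeMap[$c.type.ToLower()]
        if (-not $kustoType) {
            Write-Warning "Unknown type '$($c.type)' on column $($c.name); storing as dynamic"
            $kustoType = 'dynamic'
        }
        # Bracket-quote column names so reserved words and odd characters survive
        "['{0}']:{1}" -f $c.name, $kustoType
    }
    $name = $TableSchema.name
    # .create-merge is idempotent: it creates the table or adds missing columns on re-run
    ".create-merge table ['$name'] (`n    " + ($defs -join ",`n    ") + "`n) with (folder = '$Folder')"
}

# Constructed sample schema (column set is illustrative, not the full table definition)
$sampleSchema = @'
{
  "name": "DnsEvents",
  "standardColumns": [
    { "name": "TenantId",      "type": "guid" },
    { "name": "TimeGenerated", "type": "dateTime" },
    { "name": "Computer",      "type": "string" },
    { "name": "QueryType",     "type": "int" },
    { "name": "Name",          "type": "string" },
    { "name": "IPAddresses",   "type": "string" },
    { "name": "SourceSystem",  "type": "string" }
  ]
}
'@ | ConvertFrom-Json

ConvertTo-KustoCreateTable -TableSchema $sampleSchema
```

Using .create-merge rather than .create matters for a daily export job: when Microsoft adds a column to a Sentinel table, re-running the generated script extends the ADX table instead of failing, so long-term retention keeps pace with the source schema.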

ADX to Sentinel - Real-Time Data Pipeline

A data pipeline solution for continuous, KQL-filtered forwarding of data from Azure Data Explorer (ADX) to Microsoft Sentinel via Data Collection Rules (DCRs).

This project demonstrates using an Azure Function App to scan ADX reliably and continuously, promoting data selected by KQL queries to Log Analytics / Sentinel in near real time. Alternatively, the solution can forward KQL-selected events to nominated Event Hubs.

Although the project focuses on selective promotion of data from large-scale ADX collection to Microsoft Sentinel, the concept can be applied to almost endless monitoring scenarios.

https://github.com/LaurieRhodes/ADX-to-LogAnalytics-Scanner