
Security: 86sunbot/sentinel-detection-engineering


SECURITY.md

Security Policy

Supported Versions

This repository contains Microsoft Sentinel detection rules and security documentation. The following versions are actively maintained:

| Version | Supported |
|---|---|
| v1.x (current) | ✅ Yes |
| < v1.0 | ❌ No |

Reporting a Vulnerability

If you discover a security vulnerability in this repository — including logic errors in detection rules, false negative conditions that could allow attacker evasion, or insecure configurations — please report it responsibly.

Do not open a public GitHub issue for security vulnerabilities.

How to Report

  1. Contact: reach the maintainer privately via LinkedIn at https://www.linkedin.com/in/surya-ps-cissp-a5a097160/
  2. Include:
    • A description of the vulnerability
    • The specific file(s) affected
    • Proof of concept or reproduction steps
    • Potential impact assessment

Response Timeline

| Stage | Timeline |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 5 business days |
| Fix or mitigation | Within 30 days for critical issues |
| Public disclosure | After fix is released |

Scope

In Scope

  • Logic errors in KQL detection rules that create false negatives (evasion opportunities)
  • Detection rules that could cause operational harm if deployed (e.g., overly broad queries that match normal traffic, generate alert fatigue, and desensitize the SOC)
  • Hardcoded sensitive values accidentally committed
  • Documentation that contains incorrect security guidance

Out of Scope

  • General feedback on detection logic (please open a GitHub Issue)
  • Feature requests (please open a GitHub Issue)
  • Issues with your own Microsoft Sentinel deployment

Security Best Practices for Using This Repository

  1. Test in a non-production Sentinel workspace before deploying to production
  2. Review and tune all threshold variables before deployment — defaults are starting points, not production values
  3. Validate allowlists against your environment — the default allowlists may not match your organization
  4. Monitor alert volume after enabling rules — adjust thresholds if alert fatigue occurs
  5. Keep detection rules updated — MITRE ATT&CK techniques evolve, and rules should be reviewed quarterly
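The following is an added illustrative example, not a rule from this repository, showing the pattern practices 2 and 3 above refer to: a detection whose threshold and allowlist are exposed as `let` variables at the top of the query so they can be reviewed and tuned per workspace before deployment. It assumes the Microsoft Sentinel `SigninLogs` table (Entra ID sign-in data, where a non-zero `ResultType` is a failed sign-in); the threshold value and the allowlist entry are constructed placeholders, not production values.

```kql
// Added example (not a rule from this repository): failed sign-in burst by source IP.
// Tunables are declared up front so reviewers can adjust them without touching the logic.
let lookback = 1h;                               // assumption: evaluation window
let failure_threshold = 20;                      // assumption: starting point only; tune to your baseline
let allowed_ips = dynamic(["203.0.113.10"]);     // constructed placeholder allowlist (RFC 5737 test range)
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                        // ResultType "0" is success; anything else is a failure
| where IPAddress !in (allowed_ips)              // allowlisted sources are excluded before counting
| summarize FailedAttempts = count(),
            Accounts = make_set(UserPrincipalName, 50)
    by IPAddress, bin(TimeGenerated, lookback)
| where FailedAttempts >= failure_threshold      // threshold applied after summarization
| project TimeGenerated, IPAddress, FailedAttempts, Accounts
```

Before enabling such a rule, run the query without the final threshold filter in a non-production workspace (practice 1) to see the distribution of `FailedAttempts` per source, then set `failure_threshold` just above your normal range and watch the resulting alert volume (practice 4). Keeping the allowlist in a variable also makes it visible in code review, which is where an overly broad entry would be caught.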

Maintained by Surya | CISSP | Azure Security Architect
