
console.log("Azure Attack Map");


This was my very first project that was unrelated to my courses at WGU. The project consists of creating a Microsoft Azure virtual machine and a Log Analytics workspace, and working directly with Microsoft Sentinel. The first step after creating the VM was to disable all the firewalls on it and make it a prime target for attackers lurking in the shadows. This taught me a valuable lesson about the true scale of what cybersecurity teams are up against: I saw thousands of attacks every day targeting this machine from all around the world. The next step was creating the Log Analytics workspace and data collection rules to collect my log from the VM. The log is created by a custom PowerShell script that ingests security events, specifically failed RDP attempts from Event Viewer, and logs their IP addresses. The script then calls an IP geolocation API to map out where each IP is originating from. With the log ingested and a location assigned to each attack, I finally created a Microsoft Sentinel Workbook with another custom script that filters the data from the log and maps it on the workbook live, with the number of attacks listed below.
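The collection step described above, as an added example written for this page rather than the script from the guide: it reads failed logon events (Security Event ID 4625) from the last five minutes, keeps only network and RemoteInteractive logon types, looks up the source IP against a geolocation API, and appends one parseable line per event to a custom log file. The log path, the API endpoint, its key and the JSON field names are assumptions and placeholders.

```powershell
# Added example (not the page's or the guide's script). Placeholders below must be
# replaced with the real log path, geolocation endpoint and key before use.
$LogPath   = "C:\ProgramData\failed_rdp.log"        # placeholder path
$GeoApiUrl = "https://geo.example.invalid/lookup"   # hypothetical endpoint
$ApiKey    = "<API_KEY_PLACEHOLDER>"

# Cache lookups so a source that fails hundreds of logons costs one API call, not hundreds.
$GeoCache = @{}

function Get-GeoLocation {
    param([string]$Ip)
    if ($GeoCache.ContainsKey($Ip)) { return $GeoCache[$Ip] }
    try {
        # Assumed response fields: country_name, city, latitude, longitude
        $r = Invoke-RestMethod -Method Get -Uri "$GeoApiUrl?ip=$Ip" `
             -Headers @{ "X-Api-Key" = $ApiKey } -TimeoutSec 10
        $loc = [pscustomobject]@{ Country = $r.country_name; City = $r.city;
                                  Latitude = $r.latitude;    Longitude = $r.longitude }
    } catch {
        # A failed lookup must not stop collection; record the event with an unknown location.
        $loc = [pscustomobject]@{ Country = "unknown"; City = "unknown"; Latitude = 0; Longitude = 0 }
    }
    $GeoCache[$Ip] = $loc
    return $loc
}

$events = Get-WinEvent -FilterHashtable @{ LogName = "Security"; Id = 4625;
                                           StartTime = (Get-Date).AddMinutes(-5) } `
                       -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # Read EventData fields by name instead of by index so a layout change cannot silently mis-map them.
    $xml = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $ip = $d["IpAddress"]
    # Skip events with no remote source (local console failures, service accounts).
    if ([string]::IsNullOrEmpty($ip) -or $ip -in @("-", "127.0.0.1", "::1")) { continue }
    # LogonType 10 = RemoteInteractive (RDP); 3 = Network, which NLA-protected RDP produces.
    if ($d["LogonType"] -notin @("3", "10")) { continue }

    $g = Get-GeoLocation -Ip $ip
    $line = "timestamp:{0},sourceip:{1},username:{2},logontype:{3},country:{4},city:{5},latitude:{6},longitude:{7}" -f `
            $e.TimeCreated.ToString("o"), $ip, $d["TargetUserName"], $d["LogonType"],
            $g.Country, $g.City, $g.Latitude, $g.Longitude
    Add-Content -Path $LogPath -Value $line
}
```

Run it on a schedule (a loop or scheduled task) and point the data collection rule at $LogPath; the workbook query then parses these comma-separated key:value pairs into latitude and longitude columns for the map visualization.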



For more information on exactly how to complete this project for yourself or to get the required custom scripts, go to this link and follow the guide by Mehak A.

https://medium.com/@mehakashik/mapping-live-cyber-attacks-using-azure-sentinel-0ab419bed657
