This one is for all the Azure Sentinel enthusiasts.
A good blog post to read on how to deploy your own Azure Sentinel solution in a lab environment via Azure Resource Manager (ARM) templates, along with a custom log ingestion pipeline to consume pre-recorded datasets and other resources for research purposes.


References:
https://mordordatasets.com/introduction
https://docs.microsoft.com/en-us/azure/azure-monitor/faq
https://docs.microsoft.com/en-us/azure/azure-monitor/terminology
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-platform
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/data-sources#custom-sources
https://docs.microsoft.com/en-us/azure/sentinel/overview
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/solutions
https://azuremarketplace.microsoft.com/en-us/marketplace/apps/Microsoft.SecurityOMS?tab=Overview
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
https://azure.microsoft.com/en-us/pricing/details/monitor/
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-azure_event_hubs.html
https://azure.microsoft.com/en-us/services/event-hubs/
https://github.com/yokawasa/logstash-output-azure_loganalytics