We found that at today's IT companies there has been a tremendous increase in attacks delivered through malicious email. We are building a project that visualises the detected malicious emails in diagrams and helps operators determine which emails are bad.
What it does
We are developing a workbook in Azure Sentinel that graphically displays potentially malicious email in three categories: green emails have been scanned and deemed okay; yellow emails are ones the program cannot classify with certainty; red emails are the alarming ones that have been detected. Enterprises can use this to scan their email systems.
How we built it
We first created an Azure Sentinel workspace, 'sentinelprim', and then spun up an Ubuntu VM to act as our data source, feeding us fake email data to analyse and categorise. We then developed an Azure Sentinel workbook to analyse and visualise the results.
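The shape of that data feed, as an added example that is not the project's own code: constructed fake email records are triaged into the workbook's green/yellow/red buckets. The scoring rules, field names, thresholds and sample data are all assumptions made for this example, and the FastAPI endpoint is not reproduced; the rows are returned as plain dicts that any JSON endpoint could serve.

```python
# Added example, not the project's own code. Field names, heuristics,
# thresholds and sample emails are assumptions constructed for illustration.
from dataclasses import dataclass, asdict
import json

RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".iso")  # assumed list
TRUSTED_DOMAINS = {"example.com"}                            # assumed allowlist

@dataclass
class Email:
    sender: str
    subject: str
    spf_pass: bool
    url_count: int
    attachments: list

def risk_score(mail: Email) -> int:
    """Sum of simple indicators; each rule is a constructed heuristic."""
    score = 0
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    if domain not in TRUSTED_DOMAINS:
        score += 1
    if not mail.spf_pass:
        score += 2
    if mail.url_count >= 3:
        score += 1
    if any(a.lower().endswith(RISKY_EXTENSIONS) for a in mail.attachments):
        score += 3
    return score

def category(score: int) -> str:
    """Map a score to the workbook's traffic-light buckets (thresholds assumed)."""
    if score >= 4:
        return "red"
    if score >= 2:
        return "yellow"
    return "green"

SAMPLE_EMAILS = [  # constructed sample data, one per expected bucket
    Email("alice@example.com", "Lunch plans", True, 0, []),
    Email("news@mailer.example.net", "Weekly digest", True, 4, []),
    Email("it-desk@example.co", "Password expired", False, 1, ["reset.exe"]),
]

def triage_feed(emails=SAMPLE_EMAILS) -> list:
    """Rows in the shape the workbook would ingest: one dict per email."""
    rows = []
    for mail in emails:
        score = risk_score(mail)
        rows.append({**asdict(mail), "score": score, "category": category(score)})
    return rows

if __name__ == "__main__":
    print(json.dumps(triage_feed(), indent=2))
```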
Challenges we ran into
After spinning up the Linux VM, we needed to install various dependencies to support our API service, and developing that API service took a lot of hard work. We chose Python with the FastAPI framework to build it. We spent a lot of time here figuring everything out.
What's next for SecurityOrchestrator
There is a lot more to explore in Azure Sentinel. We are thrilled to have taken part in this hackathon and hope to contribute more in the future.