Inspiration
In the modern world data is everything, so to protect it from attackers Microsoft and other cloud providers build security services with the help of highly talented associates. Azure Sentinel's security features can also secure other cloud platforms such as AWS and GCP.
What it does
TWILIGHT MALWARE THREAT DETECTION SOLUTION:
Protects the organization from malware threats via an Azure Sentinel Logic App API (low-code/no-code, LC/NC) with dynamic content, which scans periodically and reports threats to the security team on time, with detailed information delivered through a ServiceNow ticket, mail communication (Gmail/Outlook) and a Teams channel post message. The malware families covered:
- Backdoor: malware that gives malicious hackers remote access
- Password stealer: malware that gathers usernames and passwords
- Ransomware: malware that encrypts your files
- Trojan: malware that attempts to appear harmless
- Worm: malware that spreads to other devices via file sharing
Built Using
Uses the Azure Sentinel service and Kusto queries to gather event logs and threat details, and Logic Apps to connect external services and automate the response.
Azure Sentinel with a Log Analytics workspace makes it possible to detect malware executables using threat intelligence.
Threat intelligence identifies malware files, executables and tools by indicator type, such as URLs, file hashes or IP addresses associated with known threat activity such as phishing, botnets or malware.
Automation rule playbooks are created using Logic Apps, which connect to external services such as ServiceNow for tickets, Teams channels and mail communication for high-severity issues.
Microsoft Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates to allow you to quickly gain insights across your data as soon as you connect a data source.
Analytics rules search for specific events or sets of events across your environment, alert you when certain event thresholds or conditions are reached, generate incidents for your SOC to triage and investigate, and respond to threats with automated tracking and remediation processes.
Tickets are created in ServiceNow, and chat through a Teams channel and mail communication are carried out through APIs via Logic Apps.
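The detection and notification flow described above (the threat-intelligence match on file hashes, URLs and IP addresses, the analytics rule that raises an alert, and the playbook that opens a ServiceNow ticket, posts to Teams and sends mail) is shown here as an added, runnable model in plain Python. It is not the project's own code or Sentinel's: in Sentinel the match is a KQL join inside an analytics rule and the routing is a Logic App playbook. The indicators, events, severity thresholds and action names (`servicenow_ticket`, `teams_post`, `mail`) are all constructed sample data and assumptions; the severity policy (a hash match is always High, otherwise graded by indicator confidence) is likewise an assumption.

```python
# Added example (not the project's own code): a small offline model of the
# flow described above. In Sentinel the match is a KQL join between the TI
# indicators and the event logs inside an analytics rule, and the routing is
# a Logic App playbook; here both are plain Python. Every indicator, event,
# threshold and action name below is constructed sample data / an assumption.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for reproducible expiry checks

@dataclass
class Indicator:
    """One TI indicator: a file hash, URL or IP tied to known threat activity."""
    indicator_id: str
    threat_type: str                    # e.g. "Malware", "Phishing", "Botnet"
    active: bool
    expires: datetime
    confidence: int                     # 0-100, as reported by the feed
    file_hash: Optional[str] = None     # SHA-256, hex
    url: Optional[str] = None
    ip: Optional[str] = None

@dataclass
class Event:
    """One collected event: a file seen on a device and its network target."""
    device: str
    file_name: str
    sha256: str
    remote_url: Optional[str] = None
    remote_ip: Optional[str] = None

@dataclass
class Alert:
    device: str
    file_name: str
    matched_on: str                     # "hash", "url" or "ip"
    indicator: Indicator
    severity: str                       # "High", "Medium" or "Low"

def classify_severity(matched_on, ind):
    """Assumed policy: a hash match is always High (the file is already on the
    device); URL/IP matches are graded by the indicator's confidence."""
    if matched_on == "hash" or ind.confidence >= 80:
        return "High"
    return "Medium" if ind.confidence >= 50 else "Low"

def match_events(events, indicators, now=NOW):
    """Analytics-rule step: join events to active, unexpired indicators.
    Hash is checked first, then URL, then IP, so one event yields one alert."""
    live = [i for i in indicators if i.active and i.expires > now]
    by_hash = {i.file_hash.lower(): i for i in live if i.file_hash}
    by_url = {i.url: i for i in live if i.url}
    by_ip = {i.ip: i for i in live if i.ip}
    alerts = []
    for ev in events:
        hit = None
        if ev.sha256.lower() in by_hash:
            hit = ("hash", by_hash[ev.sha256.lower()])
        elif ev.remote_url in by_url:
            hit = ("url", by_url[ev.remote_url])
        elif ev.remote_ip in by_ip:
            hit = ("ip", by_ip[ev.remote_ip])
        if hit:
            kind, ind = hit
            alerts.append(Alert(ev.device, ev.file_name, kind, ind,
                                classify_severity(kind, ind)))
    return alerts

def route_alert(alert):
    """Playbook step (assumed policy): High opens a ServiceNow ticket as well
    as posting to Teams and mailing; lower severities are notification-only."""
    if alert.severity == "High":
        return ["servicenow_ticket", "teams_post", "mail"]
    return ["teams_post", "mail"] if alert.severity == "Medium" else ["mail"]

# Constructed sample data, not real IoCs: repeated-hex hashes, a URL on the
# reserved .invalid TLD and an IP from the TEST-NET-3 documentation range.
SAMPLE_INDICATORS = [
    Indicator("ind-001", "Malware", True, NOW + timedelta(days=30), 90, file_hash="deadbeef" * 8),
    Indicator("ind-002", "Phishing", True, NOW + timedelta(days=30), 60, url="http://example.invalid/login"),
    Indicator("ind-003", "Botnet", True, NOW - timedelta(days=1), 95, ip="203.0.113.7"),   # expired
    Indicator("ind-004", "Malware", False, NOW + timedelta(days=30), 99, file_hash="cafebabe" * 8),  # retired
]
SAMPLE_EVENTS = [
    Event("WS-01", "invoice.exe", "DEADBEEF" * 8),                                  # hash hit (case-insensitive)
    Event("WS-02", "update.exe", "0" * 64, remote_url="http://example.invalid/login"),  # URL hit
    Event("WS-03", "svc.exe", "1" * 64, remote_ip="203.0.113.7"),                    # expired indicator: no alert
    Event("WS-04", "setup.exe", "cafebabe" * 8),                                     # inactive indicator: no alert
]

def run_detection(events=SAMPLE_EVENTS, indicators=SAMPLE_INDICATORS, now=NOW):
    """One scan cycle: match, then attach the notification plan to each alert."""
    return [(a, route_alert(a)) for a in match_events(events, indicators, now)]

if __name__ == "__main__":
    for alert, actions in run_detection():
        print(f"{alert.severity:6} {alert.device} {alert.file_name} matched {alert.matched_on} "
              f"({alert.indicator.threat_type}) -> {', '.join(actions)}")
```

Two details worth carrying into the real analytics rule: indicators that the feed has deactivated or that have passed their expiry must be filtered out before the join, otherwise stale indicators keep generating incidents, and hash comparison should be case-insensitive because different log sources emit SHA-256 values in different cases.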
Challenges we ran into
Logic Apps' built-in dynamic content makes it easy for developers to automate tasks, but Power Automate's low-code/no-code (LC/NC) features are more effective for connecting data with other services and for web-hosting single tracks; is it possible to bring Power Automate flows into the picture to handle a single track via a host?
Accomplishments that we're proud of
Built a feature that any organization can use to protect its platform from malware.
Went through various Azure service features and functions.
What we learned
The Azure Sentinel service and Logic Apps features.
What's next
Future roadmap: build a template that combines the various features into a single piece of content.
Built With
- azure
- azuresentinel
- kql
- logicapps