page_type | languages | products | description | urlFragment |
---|---|---|---|---|
sample | | | Azure DFIR resources | msrc-dfir |
DFIR tools and references used by MSRC's Azure SOC
This repo contains some scripts and reference information that the Microsoft Security Response Center's (MSRC) Azure SOC team uses to perform their work. While the SOC cannot release everything they use internally, what can be made public will be shared here over time.
Contents
File/folder | Description |
---|---|
scripts | PowerShell and bash scripts. |
media | Images used in READMEs. |
CHANGELOG.md | List of changes to the samples. |
CONTRIBUTING.md | Guidelines for contributing to the samples. |
README.md | This README file. |
LICENSE | The license for the samples. |
Prerequisites
The prerequisites for each script are defined in the script itself.
Setup
Setup is the same deal as the prerequisites - each will be defined in the script or accompanying README documentation.
Running the sample
Same as with setup and prereqs - each will be defined in the script or accompanying README documentation.
Key concepts
This is provided to give SOC analysts and others involved in performing DFIR work examples and references on how they may be able to effectively perform their jobs in the Azure ecosystem.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.