In our relentless pursuit of excellence, we embrace a transformative journey, one that promises innovation, security, and unyielding progress. I achieved full mastery in the realm of cyberspace, and here, we'll share a segment of that expertise with you.

The Sentinel NxCi Odyssey unfolds through five distinct chapters with two main releases, each bearing its unique promise, unveiling the future with every step.

Sprint I: Setting the Foundations

The initial sprint primarily served as onboarding to various platforms where the author navigated to Entra ID, obtained the necessary permissions, gained access to the Azure environment, and started the data ingestion strategy into the Sentinel instance.

| Start Date | End Date | Sprint Goal |
|------------|----------|-------------|
| 2022-07-13 | 2022-07-22 | Onboarded to Microsoft 365 and Azure Tenant |
| 2022-07-22 | 2022-07-29 | Getting Permission and Role in Entra ID using PIM and JIT |
| 2022-08-01 | 2023-09-09 | Initial Product Setup and Data Ingestion |

In this inaugural sprint, we breathe life into our vision where the seeds of our future defenses are planted.

We're laying the groundwork for something monumental, nurturing the roots of a project that collects critical events from many sources.

Sprint II: Vigilance and Swift Response

With the second sprint, we sharpen our senses and bolster our capabilities.

We're not just reactive; we're proactive, seeking out the shadows and dispelling them.

| Start Date | End Date | Sprint Goal |
|------------|----------|-------------|
| 2022-09-12 | 2023-01-13 | Threat Detection and Manual Incident Response |

We will execute numerous alerting use cases using pure Kusto Query Language, each with the potential to impact and secure our customers' workloads, as we stand ready to repel the forces that challenge our digital domain.

Sprint III: The Art of Refinement

We will devise a Security Orchestration, Automation, and Response plan through the implementation of automation rules.

Here, we also mold our defenses to be uniquely ours. Our systems integrate seamlessly, as we design a future where threats find no foothold and our strengths are multiplied through synergy.

| Start Date | End Date | Sprint Goal |
|------------|----------|-------------|
| 2023-03-20 | 2023-04-21 | Automating Incident Response |

In this sprint, we also proactively undertook the task of documenting every aspect, ensuring complete traceability for all operations, techniques, and developments that I personally spearheaded.

Some material is left for the community at sentinel.yahya-abulhaj.dev. This commitment to detail is aimed at creating a lasting legacy.

Sprint IV: Customizing, Empower the Shield

| Start Date | End Date | Sprint Goal |
|------------|----------|-------------|
| 2023-01-16 | 2023-03-17 | Customization and Integration |

Sprint four is the brushstroke of artistry.

In this sprint, we will explore the process of integrating the platform with external products to enhance its value and unlock its full potential.

The platforms to be integrated will encompass OpenAI, OpenCTI, and the seamless connection of all incidents through Microsoft Teams.

Sprint V: DevSecOps, The Never-Ending Vigil

In our final sprint, our objective was to achieve automation, relaxation, and observation.

| Start Date | End Date | Sprint Goal |
|------------|----------|-------------|
| 2023-04-24 | 2023-07-21 | Continuous Monitoring and DevSecOps |

We successfully constructed pipelines that handle the entire process, encompassing activities such as instance launch, creation of analytics rules in YAML format, and workbook generation using JSON.

All of these tasks were seamlessly integrated into a single Power project, activated by a pipeline trigger.