Azure Sentinel SIEM

MICROSOFT AZURE SIEM LAB

SIEM Lab

Project URL: https://github.com/cecirio/azure-sentinel-attack-map

  • Wrote a custom PowerShell script that reads failed RDP logon events from the Windows Security log (Event Viewer), extracts the source IP address of each attempt, sends it to a third-party geolocation API, and writes the enriched records (event fields plus location) to a local log file
  • Configured a Log Analytics Workspace in Azure to ingest that file as a custom log, carrying the geographic fields (latitude, longitude, state/province, and country) alongside the logon data
  • Defined Custom Fields in the Log Analytics Workspace to extract those values from the raw log lines so they are queryable as typed columns in Azure Sentinel
  • Built an Azure Sentinel (Microsoft's cloud-native SIEM, since renamed Microsoft Sentinel) workbook that plots the RDP brute-force attempts on a world map by source location, with marker size scaled to the number of attempts from each location
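The collection step above, written out as an added example (this is not the project's own script from the repository). It assumes the failed-logon events are Windows Security Event ID 4625, a hypothetical geolocation API at $ApiBase that returns JSON with latitude, longitude, state_prov and country_name fields, a hypothetical GEO_API_KEY environment variable, and a file path that the Log Analytics agent has been configured to collect as a custom log. Field names in the output lines are the ones the Custom Fields step would extract.

```powershell
# Added example, not the project's own code.
# Assumptions: Event ID 4625 = "An account failed to log on" (Security log);
# $ApiBase is a hypothetical geolocation endpoint; $LogPath is the file the
# Log Analytics agent is configured to pick up as a custom log.
param(
    [string]$ApiKey  = $env:GEO_API_KEY,                       # hypothetical key
    [string]$ApiBase = 'https://api.example.invalid/ipgeo',    # hypothetical endpoint
    [string]$LogPath = 'C:\ProgramData\failed_rdp.log',
    [int]$Lookback   = 24                                      # hours of history on first run
)

# Cache lookups: a brute-force run from one IP should cost one API call, not one per event.
$geoCache = @{}

function Get-GeoInfo([string]$Ip) {
    if ($geoCache.ContainsKey($Ip)) { return $geoCache[$Ip] }
    try {
        $r = Invoke-RestMethod -Uri "${ApiBase}?apiKey=$ApiKey&ip=$Ip" -TimeoutSec 10
        $info = [pscustomobject]@{
            Latitude  = $r.latitude
            Longitude = $r.longitude
            State     = $r.state_prov
            Country   = $r.country_name
        }
    } catch {
        # Keep the event even if geolocation fails; the workbook query can drop empty coordinates.
        $info = [pscustomobject]@{ Latitude = ''; Longitude = ''; State = ''; Country = '' }
    }
    $geoCache[$Ip] = $info
    return $info
}

$startTime = (Get-Date).AddHours(-$Lookback)
while ($true) {
    # Read only events newer than the last poll. Requires an elevated session to read the Security log.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $startTime } `
                           -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Pull the named EventData fields (IpAddress, TargetUserName, WorkstationName) out of the event XML.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        $ip = $d['IpAddress']
        # Skip local or unknown sources; only routable addresses are useful on the map.
        if ([string]::IsNullOrEmpty($ip) -or $ip -eq '-' -or $ip -eq '127.0.0.1' -or $ip -eq '::1') { continue }

        $g = Get-GeoInfo $ip
        # One key:value record per line; these keys are what the Custom Fields step extracts.
        $line = "latitude:$($g.Latitude),longitude:$($g.Longitude)," +
                "destinationhost:$($d['WorkstationName']),username:$($d['TargetUserName'])," +
                "sourcehost:$ip,state:$($g.State),country:$($g.Country)," +
                "label:$($g.Country) - $ip,timestamp:$($e.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss'))"
        Add-Content -Path $LogPath -Value $line
    }

    # Advance the window past the newest event seen so nothing is written twice.
    if ($events) {
        $startTime = ($events | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated.AddMilliseconds(1)
    }
    Start-Sleep -Seconds 30
}
```

Two practical caveats: the script ships every attacker IP to an external service, so the API key and the outbound traffic should be treated as part of the lab's attack surface (keep the key out of the script and in an environment variable or a secret store), and free geolocation tiers are rate-limited, which is why lookups are cached per IP rather than performed per event.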