sentinel-arm-generator
Community
Generate Sentinel ARM templates from KQL.
Author: dstreefkerk
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill automates the creation of Microsoft Sentinel Analytic Rule ARM templates, transforming tested KQL queries into deployment-ready files and significantly reducing manual configuration effort.
Core Features & Use Cases
- Automated ARM Template Generation: Converts KQL queries into compliant ARM templates for Sentinel.
- Intelligent Metadata Inference: Auto-generates rule names, descriptions, severity, and MITRE ATT&CK mappings.
- Entity Extraction: Analyzes KQL to map entities like Accounts, IPs, and Hosts.
- Use Case: You have a KQL query that successfully detects suspicious PowerShell activity. Use this Skill to generate the full ARM template, including MITRE mappings for Lateral Movement and Execution, and entity mappings for Account and Host, ready for deployment in your Sentinel workspace.
Quick Start
Use the sentinel-arm-generator skill to create an ARM template for the provided KQL query.
Dependency Matrix
Required Modules
- kql_analyzer
- mitre_attack_mapper
- entity_extractor
Components
- scripts
- references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: sentinel-arm-generator
Download link: https://github.com/dstreefkerk/claude-skills/archive/main.zip#sentinel-arm-generator
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.