Hunting with Context: Automating OSINT Enrichment & Detection-as-Code in Microsoft Sentinel

This talk explores how to integrate OSINT and detection-as-code to shift from reactive alerting to proactive hunting. We demonstrate a live pipeline that automatically ingests IOCs from paste sites, GitHub, and threat feeds, enriches them via passive DNS/TLS, geo, and WHOIS data, and deploys context-rich KQL detection rules in Microsoft Sentinel using infrastructure-as-code.

We’ll show how to:

- Collect and enrich threat indicators with minimal manual effort
- Use GPT-based models to generate KQL detection rules from threat reports and IOCs
- Automate rule deployment to Sentinel via GitHub Actions or Azure DevOps
- Correlate OSINT to real-time telemetry for threat hunting

Attendees will walk away with actionable tooling and design patterns to enhance SOC workflows using open-source, AI-powered, and cloud-native technology.

Adelia Ibragimova

Detection & Response | Cloud IR | AWS / GCP / Azure

Fairfax, Virginia, United States
