This contains notebooks designed for use by you in Microsoft Sentinel. Some of these are intended to illustrate specific techniques or investigation approaches
<style> .nb_table, th, td { border: 1px solid; text-align: left; border-collapse=collapse; margin-left: auto; margin-right: auto; } .width-f { width: 10px !important; } .width-nb { width: 300px !important; } </style>
| Notebook | Folder |
|---|---|
| AffectedKeyCredentials-CVE-2021-42306.ipynb | scenario-notebooks |
| AutomatedNotebooks-IncidentTriage.ipynb | scenario-notebooks |
| AutomatedNotebooks-Manager.ipynb | scenario-notebooks |
| Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb | scenario-notebooks |
| Guided Hunting - Office365-Exploring.ipynb | scenario-notebooks |
| Guided Investigation - MDE Webshell Alerts.ipynb | scenario-notebooks |
| Guided Investigation - WAF data.ipynb | scenario-notebooks |
| Guided Analysis - User Security Metadata.ipynb | scenario-notebooks/UserSecurityMetadata |
You can view any of the notebooks directly on GitHub just by clicking on them.
For higher fidelity rendering we'd recommend Jupyter nbviewer.
- Open a notebook here and copy the URL (or copy the a link from the table above)
- Go to https://nbviewer.jupyter.org/ and paste the URL into the location text box.
- Hit the Go! button