Skip to content
/ Azure-Sentinel-Notebooks Public

Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.

License

MIT license
558 stars 191 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Azure/Azure-Sentinel-Notebooks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

206 Commits
.github/workflows
.github/workflows
 
 
BehaviorAnalytics/UserSecurityMetadata
BehaviorAnalytics/UserSecurityMetadata
 
 
DeprecatedNotebooks
DeprecatedNotebooks
 
 
HowTos
HowTos
 
 
Sample-Notebooks
Sample-Notebooks
 
 
SentinelUtilities
SentinelUtilities
 
 
Test
Test
 
 
images
images
 
 
nbdemo
nbdemo
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb
A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb
 
 
A Getting Started Guide For Azure Sentinel Notebooks.ipynb
A Getting Started Guide For Azure Sentinel Notebooks.ipynb
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
ConfiguringNotebookEnvironment.ipynb
ConfiguringNotebookEnvironment.ipynb
 
 
Entity Explorer - Account.ipynb
Entity Explorer - Account.ipynb
 
 
Entity Explorer - Domain & URL.ipynb
Entity Explorer - Domain & URL.ipynb
 
 
Entity Explorer - IP Address.ipynb
Entity Explorer - IP Address.ipynb
 
 
Entity Explorer - Linux Host.ipynb
Entity Explorer - Linux Host.ipynb
 
 
Entity Explorer - Windows Host.ipynb
Entity Explorer - Windows Host.ipynb
 
 
Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb
Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb
 
 
Guided Hunting - Base64-Encoded Linux Commands.ipynb
Guided Hunting - Base64-Encoded Linux Commands.ipynb
 
 
Guided Hunting - Covid-19 Themed Threats.ipynb
Guided Hunting - Covid-19 Themed Threats.ipynb
 
 
Guided Hunting - Office365-Exploring.ipynb
Guided Hunting - Office365-Exploring.ipynb
 
 
Guided Investigation - Anomaly Lookup.ipynb
Guided Investigation - Anomaly Lookup.ipynb
 
 
Guided Investigation - MDATP Webshell Alerts.ipynb
Guided Investigation - MDATP Webshell Alerts.ipynb
 
 
Guided Investigation - Process-Alerts.ipynb
Guided Investigation - Process-Alerts.ipynb
 
 
Guided Triage - Alerts.ipynb
Guided Triage - Alerts.ipynb
 
 
LICENSE
LICENSE
 
 
Notebook Template.ipynb
Notebook Template.ipynb
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
SigmaRuleImporter.ipynb
SigmaRuleImporter.ipynb
 
 
TroubleShootingNotebooks.ipynb
TroubleShootingNotebooks.ipynb
 
 
aznbsetup.sh
aznbsetup.sh
 
 
azure-pipelines.yml
azure-pipelines.yml
 
 
config.json
config.json
 
 
msticpyconfig.yaml
msticpyconfig.yaml
 
 
msticpyconfig.yaml.sample
msticpyconfig.yaml.sample
 
 
notebookmetadata.json
notebookmetadata.json
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Azure Sentinel Notebooks

Jupyter notebooks are an interactive development and data analysis environment hosted in a browser. The open API supported by Azure Sentinel allows you to use Jupyter notebooks to query, transform, analyze and visualize Azure Sentinel data. This makes notebooks a powerful addition to Azure Sentinel and is especially well-suited to ad-hoc investigations, hunting or customized workflows.

Network Timeline

More information on getting started with Azure Sentinel and Azure Notebooks

This repository contains notebooks contributed by Microsoft and the community to assist hunting and investigation tasks in Azure Sentinel.

The notebooks are mostly one of three types:

  • Exploration notebooks. These are meant to be used as they are or with your own customizations to explore specific hunting and investigation scenarios. Examples of this type include the Entity explorer series. (“Entity” refers to items such as hosts, IP addresses, accounts, URLs, etc.)
  • Simple How-To notebooks like the Get Started notebook.
  • Sample notebooks. These are longer and are meant to be instructional examples following a real or simulated hunt or investigation.

Clone this repo to Azure notebooks

Clone to Azure Notebooks

More Information

Feedback

For questions or feedback, please contact AzureSentinel@microsoft.com

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

About

Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

558 stars

Watchers

35 watching

Forks

191 forks
Report repository

Releases 4

Getting started notebook update Latest
Sep 16, 2021
+ 3 releases

Packages

No packages published

Contributors 32

+ 18 contributors

Languages