{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
" # Windows Host Explorer\n",
" <details>\n",
"\n",
" **Python Version:** Python 3.6 (including Python 3.6 - AzureML)<br>\n",
" **Required Packages**: kqlmagic, msticpy, pandas, numpy, matplotlib, bokeh, networkx, ipywidgets, ipython, scikit_learn, dnspython, ipwhois, folium, maxminddb_geolite2<br>\n",
" **Platforms Supported**:\n",
" - Azure Notebooks Free Compute\n",
" - Azure Notebooks DSVM\n",
" - OS Independent\n",
"\n",
" **Data Sources Required**:\n",
" - Log Analytics - SecurityAlert, SecurityEvent (EventIDs 4688 and 4624/25), AzureNetworkAnalytics_CL, Heartbeat\n",
" - (Optional) - VirusTotal, AlienVault OTX, IBM XForce, Open Page Rank, (all require accounts and API keys)\n",
" </details>\n",
"\n",
" Brings together a series of queries and visualizations to help you determine the security state of the Windows host or virtual machine that you are investigating.\n"
]
},
{
"cell_type": "markdown",
"metadata": {
"toc": true
},
"source": [
"Workspace details collected from config file"
 ], "text/plain": [ "Warning: the selected '\n", " \"account name appears to be a system account.