{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Alert Investigation - Windows Process Alerts\n",
"<details>\n",
"\n",
"\n",
"**Data Sources Used**:\n",
"- Log Analytics/Azure Sentinel\n",
"  - SecurityAlert\n",
"  - SecurityEvent\n",
"\n",
"- Threat Intelligence Providers (Optional)\n",
"  - OTX (https://otx.alienvault.com/)\n",
"  - VirusTotal (https://www.virustotal.com/)\n",
"  - XForce (https://www.ibm.com/security/xforce)\n",
"</details>\n",
"\n",
"This notebook is intended for triage and investigation of security alerts related to process execution. It is specifically targeted at alerts triggered by suspicious process activity on Windows hosts. "
]
},
{
"cell_type": "markdown",
"metadata": {
"toc": true
},
"source": [
"