{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Guided Triage - Incidents\n",
" Details...
\n",
"Notebook Version: 1.1
\n",
"\n",
"**Data Sources Used**:
\n",
"- Microsoft Sentinel\n",
" - Incidents\n",
"
\n",
"- Threat Intelligence Providers\n",
" - OTX (https://otx.alienvault.com/)\n",
" - VirusTotal (https://www.virustotal.com/)\n",
" - XForce (https://www.ibm.com/security/xforce)\n",
" - GreyNoise (https://www.greynoise.io)\n",
"More details...
\n",
"\n",
"This should complete without errors. If you encounter errors or warnings look at the following two notebooks:\n",
"- [TroubleShootingNotebooks](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/TroubleShootingNotebooks.ipynb)\n",
"- [ConfiguringNotebookEnvironment](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)\n",
"\n",
"If you are running in the Microsoft Sentinel Notebooks environment (Azure Notebooks or Azure ML) you can run live versions of these notebooks:\n",
"- [Run TroubleShootingNotebooks](./TroubleShootingNotebooks.ipynb)\n",
"- [Run ConfiguringNotebookEnvironment](./ConfiguringNotebookEnvironment.ipynb)\n",
"\n",
"You may also need to do some additional configuration to successfully use functions such as Threat Intelligence service lookup and Geo IP lookup. \n",
"There are more details about this in the `ConfiguringNotebookEnvironment` notebook and in these documents:\n",
"- [msticpy configuration](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html)\n",
"- [Threat intelligence provider configuration](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html#configuration-file)\n",
"\n",
"