{
"cells": [
{
"cell_type": "code",
"execution_count": 13,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"['/A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb',\n",
" '/A Getting Started Guide For PowerShell AML Notebooks.ipynb',\n",
" '/A Tour of Cybersec notebook features.ipynb',\n",
" '/ConfiguringNotebookEnvironment.ipynb',\n",
" '/Credential Scan on Azure Blob Storage.ipynb',\n",
" '/Credential Scan on Azure Data Explorer.ipynb',\n",
" '/Credential Scan on Azure Log Analytics.ipynb',\n",
" '/Entity Explorer - Account.ipynb',\n",
" '/Entity Explorer - Domain and URL.ipynb',\n",
" '/Entity Explorer - IP Address.ipynb']"
]
},
"execution_count": 13,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
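"from pathlib import Path\n",
"\n",
"# Walk the repository with pathlib rather than the Windows-only `dir /b /s`\n",
"# shell command, so the listing works on any platform and no shell is involved.\n",
"# The search root is the parent of the notebook's working directory (`..`).\n",
"root_path = Path(\"..\").resolve()\n",
"\n",
"# Each notebook is stored as a \"/\"-prefixed, forward-slash path relative to\n",
"# root_path (e.g. \"/utils/generate-nb-toc.ipynb\"); later cells append it to the\n",
"# GitHub base URL. Jupyter autosave copies under .ipynb_checkpoints are skipped\n",
"# because they are not notebooks of their own. Sorting keeps the result\n",
"# deterministic regardless of filesystem enumeration order.\n",
"nb_files = sorted(\n",
"    \"/\" + nb_file.relative_to(root_path).as_posix()\n",
"    for nb_file in root_path.rglob(\"*.ipynb\")\n",
"    if \".ipynb_checkpoints\" not in nb_file.parts\n",
")\n",
"nb_files[:10]"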
]
},
{
"cell_type": "code",
"execution_count": 15,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[['', 'A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb'], ['', 'A Getting Started Guide For PowerShell AML Notebooks.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20PowerShell%20AML%20Notebooks.ipynb'], ['', 'A Tour of Cybersec notebook features.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Tour%20of%20Cybersec%20notebook%20features.ipynb'], ['', 'ConfiguringNotebookEnvironment.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb'], ['', 'Credential Scan on Azure Blob Storage.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Blob%20Storage.ipynb'], ['', 'Credential Scan on Azure Data Explorer.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Data%20Explorer.ipynb'], ['', 'Credential Scan on Azure Log Analytics.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Log%20Analytics.ipynb'], ['', 'Entity Explorer - Account.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb'], ['', 'Entity Explorer - Domain and URL.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb'], ['', 'Entity Explorer - IP Address.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb']]\n"
]
}
],
"source": [
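"from urllib.parse import quote\n",
"\n",
"# Base URL of the repository's file view on GitHub; each notebook's\n",
"# repo-relative path (which starts with \"/\") is appended to it.\n",
"repo_root = \"https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master\"\n",
"\n",
"# One [folder, notebook name, GitHub URL] row per notebook.\n",
"table = []\n",
"for file in nb_files:\n",
"    # Skip blank entries in the listing.\n",
"    if not file.strip():\n",
"        continue\n",
"    folder, nb_name = file.rsplit(\"/\", maxsplit=1)\n",
"    # Top-level notebooks get folder \"\"; nested ones lose the leading slash.\n",
"    if folder.startswith(\"/\"):\n",
"        folder = folder[1:]\n",
"\n",
"    # Percent-encode every character that is not URL-safe, not only spaces, so a\n",
"    # file name containing e.g. '#', '?' or '%' still produces a working link.\n",
"    # quote() leaves \"/\" alone and encodes a space as %20, so names made of\n",
"    # letters, digits, spaces, '-', '_' and '.' produce the same URL as before.\n",
"    nb_path = quote(file)\n",
"    table.append([folder, nb_name, f\"{repo_root}{nb_path}\"])\n",
"\n",
"print(table[:10])"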
]
},
{
"cell_type": "code",
"execution_count": 37,
"metadata": {},
"outputs": [
{
"data": {
"text/plain": [
"[['',\n",
" 'A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb'],\n",
" ['',\n",
" 'A Getting Started Guide For PowerShell AML Notebooks.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20PowerShell%20AML%20Notebooks.ipynb'],\n",
" ['',\n",
" 'A Tour of Cybersec notebook features.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Tour%20of%20Cybersec%20notebook%20features.ipynb'],\n",
" ['',\n",
" 'ConfiguringNotebookEnvironment.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb'],\n",
" ['',\n",
" 'Credential Scan on Azure Blob Storage.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Blob%20Storage.ipynb'],\n",
" ['',\n",
" 'Credential Scan on Azure Data Explorer.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Data%20Explorer.ipynb'],\n",
" ['',\n",
" 'Credential Scan on Azure Log Analytics.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Log%20Analytics.ipynb'],\n",
" ['',\n",
" 'Entity Explorer - Account.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb'],\n",
" ['',\n",
" 'Entity Explorer - Domain and URL.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb'],\n",
" ['',\n",
" 'Entity Explorer - IP Address.ipynb',\n",
" 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb']]"
]
},
"execution_count": 37,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
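"def _deprecated_last(row):\n",
"    \"\"\"Sort key that places rows from deprecated folders after all others.\n",
"\n",
"    Rows are [folder, name, url]. The leading boolean is False for ordinary\n",
"    folders and True when the folder path contains \"deprecated\"; within each\n",
"    group rows are ordered by folder, then name, then URL.\n",
"    \"\"\"\n",
"    folder, name, path = row\n",
"    return (\"deprecated\" in folder, folder, name, path)\n",
"\n",
"\n",
"# Sorting with a key leaves the folder strings untouched. Tagging folders with a\n",
"# temporary \"zz-\" prefix and removing it again with str.replace would also strip\n",
"# a literal \"zz-\" that happens to occur inside a deprecated folder path.\n",
"# Each row is copied so sorted_table does not share list objects with table.\n",
"sorted_table = [list(row) for row in sorted(table, key=_deprecated_last)]\n",
"sorted_table[:10]"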
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
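"# Widest folder and notebook-name strings in the table.\n",
"# Rows are [folder, name, url], so all three items must be unpacked; a\n",
"# two-name unpack raises ValueError. default=0 keeps an empty table from raising.\n",
"longest_folder = max((len(folder) for folder, _, _ in table), default=0)\n",
"longest_name = max((len(name) for _, name, _ in table), default=0)\n",
"# Show both values; a bare expression in the middle of a cell is not displayed.\n",
"longest_folder, longest_name"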
]
},
{
"cell_type": "code",
"execution_count": 38,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"\n",
"\n",
"
"
],
"text/plain": [
""
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"# Build the complete notebook table and render it inline in the notebook.\n",
"from IPython.display import HTML\n",
"table_header = [\n",
" \"\"\"\n",
"\n",
" \"\"\",\n",
" \"\",\n",
"Notebook | Folder |
\",\n",
"]\n",
"\n",
"# Copy the header so that table_header itself stays unchanged for the other\n",
"# tables that start from it.\n",
"html_table = [*table_header]\n",
"\n",
"# NOTE(review): nb_name and folder are interpolated into the row text unescaped,\n",
"# and the joined text is rendered through HTML() below. Passing them through\n",
"# html.escape() would stop an unusual file or folder name from being interpreted\n",
"# as markup when the table is displayed or pasted elsewhere.\n",
"for folder, nb_name, nb_path in sorted_table:\n",
" html_table.append(f\"{nb_name} | {folder} | \")\n",
"\n",
"html_table.append(\"
\")\n",
"\n",
"# The entries are joined without a separator for rendering.\n",
"display(HTML(\"\".join(html_table)))\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Main Notebooks ToC"
]
},
{
"cell_type": "code",
"execution_count": 39,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"\n",
"\n",
" \n",
"\n",
"Notebook | Folder |
\n",
"A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb | | \n",
"
A Getting Started Guide For PowerShell AML Notebooks.ipynb | | \n",
"
A Tour of Cybersec notebook features.ipynb | | \n",
"
ConfiguringNotebookEnvironment.ipynb | | \n",
"
Credential Scan on Azure Blob Storage.ipynb | | \n",
"
Credential Scan on Azure Data Explorer.ipynb | | \n",
"
Credential Scan on Azure Log Analytics.ipynb | | \n",
"
Entity Explorer - Account.ipynb | | \n",
"
Entity Explorer - Domain and URL.ipynb | | \n",
"
Entity Explorer - IP Address.ipynb | | \n",
"
Entity Explorer - Linux Host.ipynb | | \n",
"
Entity Explorer - Windows Host.ipynb | | \n",
"
Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb | | \n",
"
Guided Hunting - Azure Resource Explorer.ipynb | | \n",
"
Guided Hunting - Base64-Encoded Linux Commands.ipynb | | \n",
"
Guided Hunting - Covid-19 Themed Threats.ipynb | | \n",
"
Guided Investigation - Anomaly Lookup.ipynb | | \n",
"
Guided Investigation - Incident Triage.ipynb | | \n",
"
Guided Investigation - Process-Alerts.ipynb | | \n",
"
Guided Investigation - Solarwinds Post Compromise Activity.ipynb | | \n",
"
Guided Triage - Alerts.ipynb | | \n",
"
Hands-on 1. Data Discovery using Azure REST API.ipynb | | \n",
"
Hands-on 2. Surfing Data using Azure SDK.ipynb | | \n",
"
Machine Learning in Notebooks Examples.ipynb | | \n",
"
AffectedKeyCredentials-CVE-2021-42306.ipynb | scenario-notebooks | \n",
"
AutomatedNotebooks-IncidentTriage.ipynb | scenario-notebooks | \n",
"
AutomatedNotebooks-Manager.ipynb | scenario-notebooks | \n",
"
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb | scenario-notebooks | \n",
"
Guided Hunting - Office365-Exploring.ipynb | scenario-notebooks | \n",
"
Guided Investigation - MDE Webshell Alerts.ipynb | scenario-notebooks | \n",
"
Guided Investigation - WAF data.ipynb | scenario-notebooks | \n",
"
Guided Analysis - User Security Metadata.ipynb | scenario-notebooks/UserSecurityMetadata | \n",
"
papermill_test_runner.ipynb | src/Test | \n",
"
Example - Azure Storage VT Hash Lookup.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Example - Guided Hunting - Office365-Exploring.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Example - Guided Investigation - Process-Alerts.ipynb | tutorials-and-examples/example-notebooks | \n",
"
M365 Defender - APIs ep3.ipynb | tutorials-and-examples/example-notebooks | \n",
"
M365 Defender - hunting.ipynb | tutorials-and-examples/example-notebooks | \n",
"
MDE APIs Demo Notebook.ipynb | tutorials-and-examples/example-notebooks | \n",
"
MSTICPy Tour.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Senserva Connections Graph Notebook.ipynb | tutorials-and-examples/example-notebooks | \n",
"
SigmaRuleImporter.ipynb | tutorials-and-examples/example-notebooks | \n",
"
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb | tutorials-and-examples/example-notebooks | \n",
"
msticpy demo.ipynb | tutorials-and-examples/example-notebooks | \n",
"
AnomalousSequence.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
AzureBlobStorage.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
AzureSentinelAPIs.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Base64Unpack.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataObfuscation.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataUploader.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataViewer.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Data_Queries.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
EventClustering.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
EventTimeline.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
FoliumMap.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
GeoIPLookups.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
IoCExtract.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MDATPQuery.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MPSettingsEditor.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MordorData.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
NotebookWidgets.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
PivotFunctions-Introduction.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
PivotFunctions.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
ProcessTree.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
ResourceGraphDriver.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Splunk-DataConnector.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
SqlToKql.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Sumologic-DataConnector.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
TIProviders.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
TimeSeriesAnomaliesVisualization.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
VTLookupV3.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
VirusTotalLookup.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Adding Hunting Bookmarks.ipynb | tutorials-and-examples/how-tos | \n",
"
Adding Secrets to Azure Key Vault.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Gallery - Credential Scan on Azure Blob Storage.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Setup - Configure Azure Machine Learning Pipelines.ipynb | tutorials-and-examples/how-tos | \n",
"
Azure Sentinel Query Creator.ipynb | tutorials-and-examples/how-tos | \n",
"
Configurate Azure ML and Azure Synapse Analytics.ipynb | tutorials-and-examples/how-tos | \n",
"
Notebook Template.ipynb | tutorials-and-examples/how-tos | \n",
"
Provisioning DSVM.ipynb | tutorials-and-examples/how-tos | \n",
"
TroubleShootingNotebooks.ipynb | tutorials-and-examples/how-tos | \n",
"
A Getting Started Guide For CSharp AML Notebooks.ipynb | tutorials-and-examples/other-language-kernels | \n",
"
A Python Crash Course - Part 1 - Fundamentals.ipynb | tutorials-and-examples/training-notebooks | \n",
"
Training - MSTICPy Training 1221.ipynb | tutorials-and-examples/training-notebooks | \n",
"
Training - MSTICPy Training 3 - 2022-01-13.ipynb | tutorials-and-examples/training-notebooks | \n",
"
generate-nb-toc.ipynb | utils | \n",
"
A Getting Started Guide For Azure Sentinel Notebooks.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
Example - Step-by-Step Linux-Windows-Office Investigation.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
Get Started.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
\n"
]
}
],
"source": [
"# Dump the full table as plain text, one list entry per line, so the markup can\n",
"# be copied out of the notebook.\n",
"print(*html_table, sep=\"\\n\")\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Tutorials ToC"
]
},
{
"cell_type": "code",
"execution_count": 41,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"\n",
"\n",
" "
],
"text/plain": [
""
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"tutorials_table = [*table_header]\n",
"for folder, nb_name, nb_path in sorted_table:\n",
" if folder.startswith(\"tutorials\"):\n",
" tutorials_table.append(f\"{nb_name} | {folder} | \")\n",
"\n",
"tutorials_table.append(\"\")\n",
"\n",
"display(HTML(\"\".join(tutorials_table)))"
]
},
{
"cell_type": "code",
"execution_count": 42,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"\n",
"\n",
" \n",
"\n",
"Notebook | Folder |
\n",
"Example - Azure Storage VT Hash Lookup.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Example - Guided Hunting - Office365-Exploring.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Example - Guided Investigation - Process-Alerts.ipynb | tutorials-and-examples/example-notebooks | \n",
"
M365 Defender - APIs ep3.ipynb | tutorials-and-examples/example-notebooks | \n",
"
M365 Defender - hunting.ipynb | tutorials-and-examples/example-notebooks | \n",
"
MDE APIs Demo Notebook.ipynb | tutorials-and-examples/example-notebooks | \n",
"
MSTICPy Tour.ipynb | tutorials-and-examples/example-notebooks | \n",
"
Senserva Connections Graph Notebook.ipynb | tutorials-and-examples/example-notebooks | \n",
"
SigmaRuleImporter.ipynb | tutorials-and-examples/example-notebooks | \n",
"
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb | tutorials-and-examples/example-notebooks | \n",
"
msticpy demo.ipynb | tutorials-and-examples/example-notebooks | \n",
"
AnomalousSequence.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
AzureBlobStorage.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
AzureSentinelAPIs.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Base64Unpack.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataObfuscation.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataUploader.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
DataViewer.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Data_Queries.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
EventClustering.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
EventTimeline.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
FoliumMap.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
GeoIPLookups.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
IoCExtract.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MDATPQuery.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MPSettingsEditor.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
MordorData.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
NotebookWidgets.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
PivotFunctions-Introduction.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
PivotFunctions.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
ProcessTree.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
ResourceGraphDriver.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Splunk-DataConnector.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
SqlToKql.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Sumologic-DataConnector.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
TIProviders.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
TimeSeriesAnomaliesVisualization.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
VTLookupV3.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
VirusTotalLookup.ipynb | tutorials-and-examples/feature-tutorials | \n",
"
Adding Hunting Bookmarks.ipynb | tutorials-and-examples/how-tos | \n",
"
Adding Secrets to Azure Key Vault.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Gallery - Credential Scan on Azure Blob Storage.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb | tutorials-and-examples/how-tos | \n",
"
Automation Setup - Configure Azure Machine Learning Pipelines.ipynb | tutorials-and-examples/how-tos | \n",
"
Azure Sentinel Query Creator.ipynb | tutorials-and-examples/how-tos | \n",
"
Configurate Azure ML and Azure Synapse Analytics.ipynb | tutorials-and-examples/how-tos | \n",
"
Notebook Template.ipynb | tutorials-and-examples/how-tos | \n",
"
Provisioning DSVM.ipynb | tutorials-and-examples/how-tos | \n",
"
TroubleShootingNotebooks.ipynb | tutorials-and-examples/how-tos | \n",
"
A Getting Started Guide For CSharp AML Notebooks.ipynb | tutorials-and-examples/other-language-kernels | \n",
"
A Python Crash Course - Part 1 - Fundamentals.ipynb | tutorials-and-examples/training-notebooks | \n",
"
Training - MSTICPy Training 1221.ipynb | tutorials-and-examples/training-notebooks | \n",
"
Training - MSTICPy Training 3 - 2022-01-13.ipynb | tutorials-and-examples/training-notebooks | \n",
"
A Getting Started Guide For Azure Sentinel Notebooks.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
Example - Step-by-Step Linux-Windows-Office Investigation.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
Get Started.ipynb | tutorials-and-examples/deprecated-notebooks | \n",
"
\n"
]
}
],
"source": [
"# Dump the tutorials table as plain text, one list entry per line, so the\n",
"# markup can be copied out of the notebook.\n",
"print(*tutorials_table, sep=\"\\n\")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Scenario Notebooks ToC"
]
},
{
"cell_type": "code",
"execution_count": 43,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"\n",
"\n",
" "
],
"text/plain": [
""
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"scenario_table = [*table_header]\n",
"for folder, nb_name, nb_path in sorted_table:\n",
" if folder.startswith(\"scenario\"):\n",
" scenario_table.append(f\"{nb_name} | {folder} | \")\n",
"\n",
"scenario_table.append(\"\")\n",
"\n",
"display(HTML(\"\".join(scenario_table)))"
]
},
{
"cell_type": "code",
"execution_count": 44,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"\n",
"\n",
" \n",
"\n",
"Notebook | Folder |
\n",
"AffectedKeyCredentials-CVE-2021-42306.ipynb | scenario-notebooks | \n",
"
AutomatedNotebooks-IncidentTriage.ipynb | scenario-notebooks | \n",
"
AutomatedNotebooks-Manager.ipynb | scenario-notebooks | \n",
"
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb | scenario-notebooks | \n",
"
Guided Hunting - Office365-Exploring.ipynb | scenario-notebooks | \n",
"
Guided Investigation - MDE Webshell Alerts.ipynb | scenario-notebooks | \n",
"
Guided Investigation - WAF data.ipynb | scenario-notebooks | \n",
"
Guided Analysis - User Security Metadata.ipynb | scenario-notebooks/UserSecurityMetadata | \n",
"
\n"
]
}
],
"source": [
"# Dump the scenario table as plain text, one list entry per line, so the\n",
"# markup can be copied out of the notebook.\n",
"print(*scenario_table, sep=\"\\n\")"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"\n",
" \n",
"\n",
"Folder | Notebook |
\n",
" | A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb | \n",
"
| A Getting Started Guide For PowerShell AML Notebooks.ipynb | \n",
"
| A Tour of Cybersec notebook features.ipynb | \n",
"
| ConfiguringNotebookEnvironment.ipynb | \n",
"
| Credential Scan on Azure Blob Storage.ipynb | \n",
"
| Credential Scan on Azure Data Explorer.ipynb | \n",
"
| Credential Scan on Azure Log Analytics.ipynb | \n",
"
| Entity Explorer - Account.ipynb | \n",
"
| Entity Explorer - Domain and URL.ipynb | \n",
"
| Entity Explorer - IP Address.ipynb | \n",
"
| Entity Explorer - Linux Host.ipynb | \n",
"
| Entity Explorer - Windows Host.ipynb | \n",
"
| Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb | \n",
"
| Guided Hunting - Azure Resource Explorer.ipynb | \n",
"
| Guided Hunting - Base64-Encoded Linux Commands.ipynb | \n",
"
| Guided Hunting - Covid-19 Themed Threats.ipynb | \n",
"
| Guided Investigation - Anomaly Lookup.ipynb | \n",
"
| Guided Investigation - Incident Triage.ipynb | \n",
"
| Guided Investigation - Process-Alerts.ipynb | \n",
"
| Guided Investigation - Solarwinds Post Compromise Activity.ipynb | \n",
"
| Guided Triage - Alerts.ipynb | \n",
"
| Hands-on 1. Data Discovery using Azure REST API.ipynb | \n",
"
| Hands-on 2. Surfing Data using Azure SDK.ipynb | \n",
"
| Machine Learning in Notebooks Examples.ipynb | \n",
"
scenario-notebooks | AffectedKeyCredentials-CVE-2021-42306.ipynb | \n",
"
scenario-notebooks | AutomatedNotebooks-IncidentTriage.ipynb | \n",
"
scenario-notebooks | AutomatedNotebooks-Manager.ipynb | \n",
"
scenario-notebooks | Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb | \n",
"
scenario-notebooks | Guided Hunting - Office365-Exploring.ipynb | \n",
"
scenario-notebooks | Guided Investigation - MDE Webshell Alerts.ipynb | \n",
"
scenario-notebooks | Guided Investigation - WAF data.ipynb | \n",
"
src/Test | papermill_test_runner.ipynb | \n",
"
tutorials-and-examples/deprecated-notebooks | A Getting Started Guide For Azure Sentinel Notebooks.ipynb | \n",
"
tutorials-and-examples/deprecated-notebooks | Example - Step-by-Step Linux-Windows-Office Investigation.ipynb | \n",
"
tutorials-and-examples/deprecated-notebooks | Get Started.ipynb | \n",
"
tutorials-and-examples/deprecated-notebooks/BehaviorAnalytics/UserSecurityMetadata | Guided Analysis - User Security Metadata.ipynb | \n",
"
tutorials-and-examples/example-notebooks | Example - Azure Storage VT Hash Lookup.ipynb | \n",
"
tutorials-and-examples/example-notebooks | Example - Guided Hunting - Office365-Exploring.ipynb | \n",
"
tutorials-and-examples/example-notebooks | Example - Guided Investigation - Process-Alerts.ipynb | \n",
"
tutorials-and-examples/example-notebooks | M365 Defender - APIs ep3.ipynb | \n",
"
tutorials-and-examples/example-notebooks | M365 Defender - hunting.ipynb | \n",
"
tutorials-and-examples/example-notebooks | MDE APIs Demo Notebook.ipynb | \n",
"
tutorials-and-examples/example-notebooks | msticpy demo.ipynb | \n",
"
tutorials-and-examples/example-notebooks | MSTICPy Tour.ipynb | \n",
"
tutorials-and-examples/example-notebooks | Senserva Connections Graph Notebook.ipynb | \n",
"
tutorials-and-examples/example-notebooks | SigmaRuleImporter.ipynb | \n",
"
tutorials-and-examples/example-notebooks | VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | AnomalousSequence.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | AzureBlobStorage.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | AzureSentinelAPIs.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | Base64Unpack.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | DataObfuscation.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | DataUploader.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | DataViewer.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | Data_Queries.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | EventClustering.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | EventTimeline.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | FoliumMap.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | GeoIPLookups.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | IoCExtract.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | MDATPQuery.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | MordorData.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | MPSettingsEditor.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | NotebookWidgets.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | PivotFunctions-Introduction.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | PivotFunctions.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | ProcessTree.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | ResourceGraphDriver.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | Splunk-DataConnector.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | SqlToKql.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | Sumologic-DataConnector.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | TimeSeriesAnomaliesVisualization.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | TIProviders.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | VirusTotalLookup.ipynb | \n",
"
tutorials-and-examples/feature-tutorials | VTLookupV3.ipynb | \n",
"
tutorials-and-examples/how-tos | Adding Hunting Bookmarks.ipynb | \n",
"
tutorials-and-examples/how-tos | Adding Secrets to Azure Key Vault.ipynb | \n",
"
tutorials-and-examples/how-tos | Automation Gallery - Credential Scan on Azure Blob Storage.ipynb | \n",
"
tutorials-and-examples/how-tos | Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb | \n",
"
tutorials-and-examples/how-tos | Automation Setup - Configure Azure Machine Learning Pipelines.ipynb | \n",
"
tutorials-and-examples/how-tos | Azure Sentinel Query Creator.ipynb | \n",
"
tutorials-and-examples/how-tos | Configurate Azure ML and Azure Synapse Analytics.ipynb | \n",
"
tutorials-and-examples/how-tos | Notebook Template.ipynb | \n",
"
tutorials-and-examples/how-tos | Provisioning DSVM.ipynb | \n",
"
tutorials-and-examples/how-tos | TroubleShootingNotebooks.ipynb | \n",
"
tutorials-and-examples/other-language-kernels | A Getting Started Guide For CSharp AML Notebooks.ipynb | \n",
"
tutorials-and-examples/training-notebooks | A Python Crash Course - Part 1 - Fundamentals.ipynb | \n",
"
tutorials-and-examples/training-notebooks | Training - MSTICPy Training 1221.ipynb | \n",
"
tutorials-and-examples/training-notebooks | Training - MSTICPy Training 3 - 2022-01-13.ipynb | \n",
"
"
]
}
],
"metadata": {
"interpreter": {
"hash": "2bc37074a50de3994d4ebdf9197e864a43c9c15c9793b7f9f3363bcff9457253"
},
"kernelspec": {
"display_name": "Python 3.9.7",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.9.7"
},
"orig_nbformat": 4
},
"nbformat": 4,
"nbformat_minor": 2
}