{ "cells": [ { "cell_type": "code", "execution_count": 13, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "['/A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb',\n", " '/A Getting Started Guide For PowerShell AML Notebooks.ipynb',\n", " '/A Tour of Cybersec notebook features.ipynb',\n", " '/ConfiguringNotebookEnvironment.ipynb',\n", " '/Credential Scan on Azure Blob Storage.ipynb',\n", " '/Credential Scan on Azure Data Explorer.ipynb',\n", " '/Credential Scan on Azure Log Analytics.ipynb',\n", " '/Entity Explorer - Account.ipynb',\n", " '/Entity Explorer - Domain and URL.ipynb',\n", " '/Entity Explorer - IP Address.ipynb']" ] }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "source": [ "# Collect the full path of every .ipynb file under the parent directory.\n", "# NOTE(review): `dir /b /s` is a Windows cmd built-in, so this cell presumably only runs on a Windows kernel.\n", "nb_files = !dir /b /s ..\\*.ipynb\n", "\n", "\n", "# Use the directory of the first listed file as the root prefix.\n", "# NOTE(review): assumes that first file sits directly in the searched directory - confirm.\n", "root_path = nb_files[0].rsplit(\"\\\\\", maxsplit=1)[0]\n", "# Strip the root prefix and switch to forward slashes, giving root-relative paths.\n", "nb_files = [nb_file.replace(root_path, \"\").replace(\"\\\\\", \"/\") for nb_file in nb_files]\n", "# Preview the first ten entries.\n", "nb_files[:10]" ] }, { "cell_type": "code", "execution_count": 15, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "[['', 'A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb'], ['', 'A Getting Started Guide For PowerShell AML Notebooks.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20PowerShell%20AML%20Notebooks.ipynb'], ['', 'A Tour of Cybersec notebook features.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Tour%20of%20Cybersec%20notebook%20features.ipynb'], ['', 'ConfiguringNotebookEnvironment.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb'], ['', 'Credential Scan on Azure Blob Storage.ipynb', 
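'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Blob%20Storage.ipynb'], ['', 'Credential Scan on Azure Data Explorer.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Data%20Explorer.ipynb'], ['', 'Credential Scan on Azure Log Analytics.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Log%20Analytics.ipynb'], ['', 'Entity Explorer - Account.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb'], ['', 'Entity Explorer - Domain and URL.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb'], ['', 'Entity Explorer - IP Address.ipynb', 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb']]\n" ] } ], "source": [
 "# Build one [folder, notebook file name, GitHub URL] row per notebook path.\n",
 "from urllib.parse import quote\n",
 "\n",
 "repo_root = \"https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master\"\n",
 "table = []\n",
 "for file in nb_files:\n",
 "    if not file.strip():\n",
 "        continue  # skip blank lines in the directory listing\n",
 "    folder, nb_name = file.rsplit(\"/\", maxsplit=1)\n",
 "    if folder.startswith(\"/\"):\n",
 "        folder = folder[1:]\n",
 "\n",
 "    # Percent-encode the whole path, not only spaces. The names come from the\n",
 "    # directory listing, so characters such as '#', '?', '%' or a double quote\n",
 "    # would otherwise change how the generated link is parsed.\n",
 "    # quote() leaves '/' unescaped by default, so the path separators survive.\n",
 "    nb_path = quote(file)\n",
 "    table.append([folder, nb_name, f\"{repo_root}{nb_path}\"])\n",
 "\n",
 "print(table[:10])"
] }, { "cell_type": "code", "execution_count": 37, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "[['',\n", " 'A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb'],\n", " ['',\n", " 'A Getting Started Guide For PowerShell AML Notebooks.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20PowerShell%20AML%20Notebooks.ipynb'],\n", " ['',\n", " 'A Tour of Cybersec notebook 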
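features.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Tour%20of%20Cybersec%20notebook%20features.ipynb'],\n", " ['',\n", " 'ConfiguringNotebookEnvironment.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb'],\n", " ['',\n", " 'Credential Scan on Azure Blob Storage.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Blob%20Storage.ipynb'],\n", " ['',\n", " 'Credential Scan on Azure Data Explorer.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Data%20Explorer.ipynb'],\n", " ['',\n", " 'Credential Scan on Azure Log Analytics.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Credential%20Scan%20on%20Azure%20Log%20Analytics.ipynb'],\n", " ['',\n", " 'Entity Explorer - Account.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Account.ipynb'],\n", " ['',\n", " 'Entity Explorer - Domain and URL.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20Domain%20and%20URL.ipynb'],\n", " ['',\n", " 'Entity Explorer - IP Address.ipynb',\n", " 'https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/Entity%20Explorer%20-%20IP%20Address.ipynb']]" ] }, "execution_count": 37, "metadata": {}, "output_type": "execute_result" } ], "source": [
 "# Sort rows by folder, then name, then URL, with every folder whose name\n",
 "# contains \"deprecated\" pushed to the end. Sorting on an explicit flag replaces\n",
 "# the temporary \"zz-\" prefix, which relied on no other folder sorting after\n",
 "# \"zz-\" and whose removal also stripped any \"zz-\" that was part of a real name.\n",
 "sorted_table = sorted(table, key=lambda row: (\"deprecated\" in row[0], row))\n",
 "sorted_table[:10]"
] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [
 "# Widest folder and notebook name in the table.\n",
 "# Each row of `table` is [folder, name, url], so the unpacking needs three\n",
 "# targets; the two-target form raised ValueError. default=0 covers an empty table.\n",
 "longest_folder = max((len(folder) for folder, _, _ in table), default=0)\n",
 "longest_name = max((len(name) for _, name, _ in table), default=0)\n",
 "longest_folder, longest_name"
] }, { "cell_type": "code", "execution_count": 38, "metadata": {}, "outputs": [ { "data": { "text/html": [ "\n", "\n", "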
NotebookFolder
A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb
A Getting Started Guide For PowerShell AML Notebooks.ipynb
A Tour of Cybersec notebook features.ipynb
ConfiguringNotebookEnvironment.ipynb
Credential Scan on Azure Blob Storage.ipynb
Credential Scan on Azure Data Explorer.ipynb
Credential Scan on Azure Log Analytics.ipynb
Entity Explorer - Account.ipynb
Entity Explorer - Domain and URL.ipynb
Entity Explorer - IP Address.ipynb
Entity Explorer - Linux Host.ipynb
Entity Explorer - Windows Host.ipynb
Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb
Guided Hunting - Azure Resource Explorer.ipynb
Guided Hunting - Base64-Encoded Linux Commands.ipynb
Guided Hunting - Covid-19 Themed Threats.ipynb
Guided Investigation - Anomaly Lookup.ipynb
Guided Investigation - Incident Triage.ipynb
Guided Investigation - Process-Alerts.ipynb
Guided Investigation - Solarwinds Post Compromise Activity.ipynb
Guided Triage - Alerts.ipynb
Hands-on 1. Data Discovery using Azure REST API.ipynb
Hands-on 2. Surfing Data using Azure SDK.ipynb
Machine Learning in Notebooks Examples.ipynb
AffectedKeyCredentials-CVE-2021-42306.ipynbscenario-notebooks
AutomatedNotebooks-IncidentTriage.ipynbscenario-notebooks
AutomatedNotebooks-Manager.ipynbscenario-notebooks
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynbscenario-notebooks
Guided Hunting - Office365-Exploring.ipynbscenario-notebooks
Guided Investigation - MDE Webshell Alerts.ipynbscenario-notebooks
Guided Investigation - WAF data.ipynbscenario-notebooks
Guided Analysis - User Security Metadata.ipynbscenario-notebooks/UserSecurityMetadata
papermill_test_runner.ipynbsrc/Test
Example - Azure Storage VT Hash Lookup.ipynbtutorials-and-examples/example-notebooks
Example - Guided Hunting - Office365-Exploring.ipynbtutorials-and-examples/example-notebooks
Example - Guided Investigation - Process-Alerts.ipynbtutorials-and-examples/example-notebooks
M365 Defender - APIs ep3.ipynbtutorials-and-examples/example-notebooks
M365 Defender - hunting.ipynbtutorials-and-examples/example-notebooks
MDE APIs Demo Notebook.ipynbtutorials-and-examples/example-notebooks
MSTICPy Tour.ipynbtutorials-and-examples/example-notebooks
Senserva Connections Graph Notebook.ipynbtutorials-and-examples/example-notebooks
SigmaRuleImporter.ipynbtutorials-and-examples/example-notebooks
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynbtutorials-and-examples/example-notebooks
msticpy demo.ipynbtutorials-and-examples/example-notebooks
AnomalousSequence.ipynbtutorials-and-examples/feature-tutorials
AzureBlobStorage.ipynbtutorials-and-examples/feature-tutorials
AzureSentinelAPIs.ipynbtutorials-and-examples/feature-tutorials
Base64Unpack.ipynbtutorials-and-examples/feature-tutorials
DataObfuscation.ipynbtutorials-and-examples/feature-tutorials
DataUploader.ipynbtutorials-and-examples/feature-tutorials
DataViewer.ipynbtutorials-and-examples/feature-tutorials
Data_Queries.ipynbtutorials-and-examples/feature-tutorials
EventClustering.ipynbtutorials-and-examples/feature-tutorials
EventTimeline.ipynbtutorials-and-examples/feature-tutorials
FoliumMap.ipynbtutorials-and-examples/feature-tutorials
GeoIPLookups.ipynbtutorials-and-examples/feature-tutorials
IoCExtract.ipynbtutorials-and-examples/feature-tutorials
MDATPQuery.ipynbtutorials-and-examples/feature-tutorials
MPSettingsEditor.ipynbtutorials-and-examples/feature-tutorials
MordorData.ipynbtutorials-and-examples/feature-tutorials
NotebookWidgets.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions-Introduction.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions.ipynbtutorials-and-examples/feature-tutorials
ProcessTree.ipynbtutorials-and-examples/feature-tutorials
ResourceGraphDriver.ipynbtutorials-and-examples/feature-tutorials
Splunk-DataConnector.ipynbtutorials-and-examples/feature-tutorials
SqlToKql.ipynbtutorials-and-examples/feature-tutorials
Sumologic-DataConnector.ipynbtutorials-and-examples/feature-tutorials
TIProviders.ipynbtutorials-and-examples/feature-tutorials
TimeSeriesAnomaliesVisualization.ipynbtutorials-and-examples/feature-tutorials
VTLookupV3.ipynbtutorials-and-examples/feature-tutorials
VirusTotalLookup.ipynbtutorials-and-examples/feature-tutorials
Adding Hunting Bookmarks.ipynbtutorials-and-examples/how-tos
Adding Secrets to Azure Key Vault.ipynbtutorials-and-examples/how-tos
Automation Gallery - Credential Scan on Azure Blob Storage.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Pipelines.ipynbtutorials-and-examples/how-tos
Azure Sentinel Query Creator.ipynbtutorials-and-examples/how-tos
Configurate Azure ML and Azure Synapse Analytics.ipynbtutorials-and-examples/how-tos
Notebook Template.ipynbtutorials-and-examples/how-tos
Provisioning DSVM.ipynbtutorials-and-examples/how-tos
TroubleShootingNotebooks.ipynbtutorials-and-examples/how-tos
A Getting Started Guide For CSharp AML Notebooks.ipynbtutorials-and-examples/other-language-kernels
A Python Crash Course - Part 1 - Fundamentals.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 1221.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 3 - 2022-01-13.ipynbtutorials-and-examples/training-notebooks
generate-nb-toc.ipynbutils
A Getting Started Guide For Azure Sentinel Notebooks.ipynbtutorials-and-examples/deprecated-notebooks
Example - Step-by-Step Linux-Windows-Office Investigation.ipynbtutorials-and-examples/deprecated-notebooks
Get Started.ipynbtutorials-and-examples/deprecated-notebooks
" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "# Build the notebook list as HTML table rows and render it in the cell output.\n", "from IPython.display import HTML\n", "# Opening rows of the table; the tutorials and scenario tables below start from the same list.\n", "table_header = [\n", " \"\"\"\n", "\n", " \"\"\",\n", " \"\",\n", " \"\",\n", "]\n", "\n", "html_table = [*table_header]\n", "\n", "# NOTE(review): the row markup is not visible here. If nb_name, folder and nb_path are\n", "# interpolated as-is, pass them through html.escape() first: they derive from file names\n", "# and the joined string is rendered with HTML(). The same applies to the tutorials and\n", "# scenario tables built later in this notebook.\n", "for folder, nb_name, nb_path in sorted_table:\n", " html_table.append(f\"\")\n", "\n", "html_table.append(\"
NotebookFolder
{nb_name}{folder}
\")\n", "\n", "display(HTML(\"\".join(html_table)))\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Main Notebooks ToC" ] }, { "cell_type": "code", "execution_count": 39, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "\n", "\n", " \n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "
NotebookFolder
A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb
A Getting Started Guide For PowerShell AML Notebooks.ipynb
A Tour of Cybersec notebook features.ipynb
ConfiguringNotebookEnvironment.ipynb
Credential Scan on Azure Blob Storage.ipynb
Credential Scan on Azure Data Explorer.ipynb
Credential Scan on Azure Log Analytics.ipynb
Entity Explorer - Account.ipynb
Entity Explorer - Domain and URL.ipynb
Entity Explorer - IP Address.ipynb
Entity Explorer - Linux Host.ipynb
Entity Explorer - Windows Host.ipynb
Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb
Guided Hunting - Azure Resource Explorer.ipynb
Guided Hunting - Base64-Encoded Linux Commands.ipynb
Guided Hunting - Covid-19 Themed Threats.ipynb
Guided Investigation - Anomaly Lookup.ipynb
Guided Investigation - Incident Triage.ipynb
Guided Investigation - Process-Alerts.ipynb
Guided Investigation - Solarwinds Post Compromise Activity.ipynb
Guided Triage - Alerts.ipynb
Hands-on 1. Data Discovery using Azure REST API.ipynb
Hands-on 2. Surfing Data using Azure SDK.ipynb
Machine Learning in Notebooks Examples.ipynb
AffectedKeyCredentials-CVE-2021-42306.ipynbscenario-notebooks
AutomatedNotebooks-IncidentTriage.ipynbscenario-notebooks
AutomatedNotebooks-Manager.ipynbscenario-notebooks
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynbscenario-notebooks
Guided Hunting - Office365-Exploring.ipynbscenario-notebooks
Guided Investigation - MDE Webshell Alerts.ipynbscenario-notebooks
Guided Investigation - WAF data.ipynbscenario-notebooks
Guided Analysis - User Security Metadata.ipynbscenario-notebooks/UserSecurityMetadata
papermill_test_runner.ipynbsrc/Test
Example - Azure Storage VT Hash Lookup.ipynbtutorials-and-examples/example-notebooks
Example - Guided Hunting - Office365-Exploring.ipynbtutorials-and-examples/example-notebooks
Example - Guided Investigation - Process-Alerts.ipynbtutorials-and-examples/example-notebooks
M365 Defender - APIs ep3.ipynbtutorials-and-examples/example-notebooks
M365 Defender - hunting.ipynbtutorials-and-examples/example-notebooks
MDE APIs Demo Notebook.ipynbtutorials-and-examples/example-notebooks
MSTICPy Tour.ipynbtutorials-and-examples/example-notebooks
Senserva Connections Graph Notebook.ipynbtutorials-and-examples/example-notebooks
SigmaRuleImporter.ipynbtutorials-and-examples/example-notebooks
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynbtutorials-and-examples/example-notebooks
msticpy demo.ipynbtutorials-and-examples/example-notebooks
AnomalousSequence.ipynbtutorials-and-examples/feature-tutorials
AzureBlobStorage.ipynbtutorials-and-examples/feature-tutorials
AzureSentinelAPIs.ipynbtutorials-and-examples/feature-tutorials
Base64Unpack.ipynbtutorials-and-examples/feature-tutorials
DataObfuscation.ipynbtutorials-and-examples/feature-tutorials
DataUploader.ipynbtutorials-and-examples/feature-tutorials
DataViewer.ipynbtutorials-and-examples/feature-tutorials
Data_Queries.ipynbtutorials-and-examples/feature-tutorials
EventClustering.ipynbtutorials-and-examples/feature-tutorials
EventTimeline.ipynbtutorials-and-examples/feature-tutorials
FoliumMap.ipynbtutorials-and-examples/feature-tutorials
GeoIPLookups.ipynbtutorials-and-examples/feature-tutorials
IoCExtract.ipynbtutorials-and-examples/feature-tutorials
MDATPQuery.ipynbtutorials-and-examples/feature-tutorials
MPSettingsEditor.ipynbtutorials-and-examples/feature-tutorials
MordorData.ipynbtutorials-and-examples/feature-tutorials
NotebookWidgets.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions-Introduction.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions.ipynbtutorials-and-examples/feature-tutorials
ProcessTree.ipynbtutorials-and-examples/feature-tutorials
ResourceGraphDriver.ipynbtutorials-and-examples/feature-tutorials
Splunk-DataConnector.ipynbtutorials-and-examples/feature-tutorials
SqlToKql.ipynbtutorials-and-examples/feature-tutorials
Sumologic-DataConnector.ipynbtutorials-and-examples/feature-tutorials
TIProviders.ipynbtutorials-and-examples/feature-tutorials
TimeSeriesAnomaliesVisualization.ipynbtutorials-and-examples/feature-tutorials
VTLookupV3.ipynbtutorials-and-examples/feature-tutorials
VirusTotalLookup.ipynbtutorials-and-examples/feature-tutorials
Adding Hunting Bookmarks.ipynbtutorials-and-examples/how-tos
Adding Secrets to Azure Key Vault.ipynbtutorials-and-examples/how-tos
Automation Gallery - Credential Scan on Azure Blob Storage.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Pipelines.ipynbtutorials-and-examples/how-tos
Azure Sentinel Query Creator.ipynbtutorials-and-examples/how-tos
Configurate Azure ML and Azure Synapse Analytics.ipynbtutorials-and-examples/how-tos
Notebook Template.ipynbtutorials-and-examples/how-tos
Provisioning DSVM.ipynbtutorials-and-examples/how-tos
TroubleShootingNotebooks.ipynbtutorials-and-examples/how-tos
A Getting Started Guide For CSharp AML Notebooks.ipynbtutorials-and-examples/other-language-kernels
A Python Crash Course - Part 1 - Fundamentals.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 1221.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 3 - 2022-01-13.ipynbtutorials-and-examples/training-notebooks
generate-nb-toc.ipynbutils
A Getting Started Guide For Azure Sentinel Notebooks.ipynbtutorials-and-examples/deprecated-notebooks
Example - Step-by-Step Linux-Windows-Office Investigation.ipynbtutorials-and-examples/deprecated-notebooks
Get Started.ipynbtutorials-and-examples/deprecated-notebooks
\n" ] } ], "source": [ "\n", "print(\"\\n\".join(html_table))\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Tutorials ToC" ] }, { "cell_type": "code", "execution_count": 41, "metadata": {}, "outputs": [ { "data": { "text/html": [ "\n", "\n", "
NotebookFolder
Example - Azure Storage VT Hash Lookup.ipynbtutorials-and-examples/example-notebooks
Example - Guided Hunting - Office365-Exploring.ipynbtutorials-and-examples/example-notebooks
Example - Guided Investigation - Process-Alerts.ipynbtutorials-and-examples/example-notebooks
M365 Defender - APIs ep3.ipynbtutorials-and-examples/example-notebooks
M365 Defender - hunting.ipynbtutorials-and-examples/example-notebooks
MDE APIs Demo Notebook.ipynbtutorials-and-examples/example-notebooks
MSTICPy Tour.ipynbtutorials-and-examples/example-notebooks
Senserva Connections Graph Notebook.ipynbtutorials-and-examples/example-notebooks
SigmaRuleImporter.ipynbtutorials-and-examples/example-notebooks
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynbtutorials-and-examples/example-notebooks
msticpy demo.ipynbtutorials-and-examples/example-notebooks
AnomalousSequence.ipynbtutorials-and-examples/feature-tutorials
AzureBlobStorage.ipynbtutorials-and-examples/feature-tutorials
AzureSentinelAPIs.ipynbtutorials-and-examples/feature-tutorials
Base64Unpack.ipynbtutorials-and-examples/feature-tutorials
DataObfuscation.ipynbtutorials-and-examples/feature-tutorials
DataUploader.ipynbtutorials-and-examples/feature-tutorials
DataViewer.ipynbtutorials-and-examples/feature-tutorials
Data_Queries.ipynbtutorials-and-examples/feature-tutorials
EventClustering.ipynbtutorials-and-examples/feature-tutorials
EventTimeline.ipynbtutorials-and-examples/feature-tutorials
FoliumMap.ipynbtutorials-and-examples/feature-tutorials
GeoIPLookups.ipynbtutorials-and-examples/feature-tutorials
IoCExtract.ipynbtutorials-and-examples/feature-tutorials
MDATPQuery.ipynbtutorials-and-examples/feature-tutorials
MPSettingsEditor.ipynbtutorials-and-examples/feature-tutorials
MordorData.ipynbtutorials-and-examples/feature-tutorials
NotebookWidgets.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions-Introduction.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions.ipynbtutorials-and-examples/feature-tutorials
ProcessTree.ipynbtutorials-and-examples/feature-tutorials
ResourceGraphDriver.ipynbtutorials-and-examples/feature-tutorials
Splunk-DataConnector.ipynbtutorials-and-examples/feature-tutorials
SqlToKql.ipynbtutorials-and-examples/feature-tutorials
Sumologic-DataConnector.ipynbtutorials-and-examples/feature-tutorials
TIProviders.ipynbtutorials-and-examples/feature-tutorials
TimeSeriesAnomaliesVisualization.ipynbtutorials-and-examples/feature-tutorials
VTLookupV3.ipynbtutorials-and-examples/feature-tutorials
VirusTotalLookup.ipynbtutorials-and-examples/feature-tutorials
Adding Hunting Bookmarks.ipynbtutorials-and-examples/how-tos
Adding Secrets to Azure Key Vault.ipynbtutorials-and-examples/how-tos
Automation Gallery - Credential Scan on Azure Blob Storage.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Pipelines.ipynbtutorials-and-examples/how-tos
Azure Sentinel Query Creator.ipynbtutorials-and-examples/how-tos
Configurate Azure ML and Azure Synapse Analytics.ipynbtutorials-and-examples/how-tos
Notebook Template.ipynbtutorials-and-examples/how-tos
Provisioning DSVM.ipynbtutorials-and-examples/how-tos
TroubleShootingNotebooks.ipynbtutorials-and-examples/how-tos
A Getting Started Guide For CSharp AML Notebooks.ipynbtutorials-and-examples/other-language-kernels
A Python Crash Course - Part 1 - Fundamentals.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 1221.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 3 - 2022-01-13.ipynbtutorials-and-examples/training-notebooks
A Getting Started Guide For Azure Sentinel Notebooks.ipynbtutorials-and-examples/deprecated-notebooks
Example - Step-by-Step Linux-Windows-Office Investigation.ipynbtutorials-and-examples/deprecated-notebooks
Get Started.ipynbtutorials-and-examples/deprecated-notebooks
" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "tutorials_table = [*table_header]\n", "for folder, nb_name, nb_path in sorted_table:\n", " if folder.startswith(\"tutorials\"):\n", " tutorials_table.append(f\"{nb_name}{folder}\")\n", "\n", "tutorials_table.append(\"\")\n", "\n", "display(HTML(\"\".join(tutorials_table)))" ] }, { "cell_type": "code", "execution_count": 42, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "\n", "\n", " \n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "
NotebookFolder
Example - Azure Storage VT Hash Lookup.ipynbtutorials-and-examples/example-notebooks
Example - Guided Hunting - Office365-Exploring.ipynbtutorials-and-examples/example-notebooks
Example - Guided Investigation - Process-Alerts.ipynbtutorials-and-examples/example-notebooks
M365 Defender - APIs ep3.ipynbtutorials-and-examples/example-notebooks
M365 Defender - hunting.ipynbtutorials-and-examples/example-notebooks
MDE APIs Demo Notebook.ipynbtutorials-and-examples/example-notebooks
MSTICPy Tour.ipynbtutorials-and-examples/example-notebooks
Senserva Connections Graph Notebook.ipynbtutorials-and-examples/example-notebooks
SigmaRuleImporter.ipynbtutorials-and-examples/example-notebooks
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynbtutorials-and-examples/example-notebooks
msticpy demo.ipynbtutorials-and-examples/example-notebooks
AnomalousSequence.ipynbtutorials-and-examples/feature-tutorials
AzureBlobStorage.ipynbtutorials-and-examples/feature-tutorials
AzureSentinelAPIs.ipynbtutorials-and-examples/feature-tutorials
Base64Unpack.ipynbtutorials-and-examples/feature-tutorials
DataObfuscation.ipynbtutorials-and-examples/feature-tutorials
DataUploader.ipynbtutorials-and-examples/feature-tutorials
DataViewer.ipynbtutorials-and-examples/feature-tutorials
Data_Queries.ipynbtutorials-and-examples/feature-tutorials
EventClustering.ipynbtutorials-and-examples/feature-tutorials
EventTimeline.ipynbtutorials-and-examples/feature-tutorials
FoliumMap.ipynbtutorials-and-examples/feature-tutorials
GeoIPLookups.ipynbtutorials-and-examples/feature-tutorials
IoCExtract.ipynbtutorials-and-examples/feature-tutorials
MDATPQuery.ipynbtutorials-and-examples/feature-tutorials
MPSettingsEditor.ipynbtutorials-and-examples/feature-tutorials
MordorData.ipynbtutorials-and-examples/feature-tutorials
NotebookWidgets.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions-Introduction.ipynbtutorials-and-examples/feature-tutorials
PivotFunctions.ipynbtutorials-and-examples/feature-tutorials
ProcessTree.ipynbtutorials-and-examples/feature-tutorials
ResourceGraphDriver.ipynbtutorials-and-examples/feature-tutorials
Splunk-DataConnector.ipynbtutorials-and-examples/feature-tutorials
SqlToKql.ipynbtutorials-and-examples/feature-tutorials
Sumologic-DataConnector.ipynbtutorials-and-examples/feature-tutorials
TIProviders.ipynbtutorials-and-examples/feature-tutorials
TimeSeriesAnomaliesVisualization.ipynbtutorials-and-examples/feature-tutorials
VTLookupV3.ipynbtutorials-and-examples/feature-tutorials
VirusTotalLookup.ipynbtutorials-and-examples/feature-tutorials
Adding Hunting Bookmarks.ipynbtutorials-and-examples/how-tos
Adding Secrets to Azure Key Vault.ipynbtutorials-and-examples/how-tos
Automation Gallery - Credential Scan on Azure Blob Storage.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynbtutorials-and-examples/how-tos
Automation Setup - Configure Azure Machine Learning Pipelines.ipynbtutorials-and-examples/how-tos
Azure Sentinel Query Creator.ipynbtutorials-and-examples/how-tos
Configurate Azure ML and Azure Synapse Analytics.ipynbtutorials-and-examples/how-tos
Notebook Template.ipynbtutorials-and-examples/how-tos
Provisioning DSVM.ipynbtutorials-and-examples/how-tos
TroubleShootingNotebooks.ipynbtutorials-and-examples/how-tos
A Getting Started Guide For CSharp AML Notebooks.ipynbtutorials-and-examples/other-language-kernels
A Python Crash Course - Part 1 - Fundamentals.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 1221.ipynbtutorials-and-examples/training-notebooks
Training - MSTICPy Training 3 - 2022-01-13.ipynbtutorials-and-examples/training-notebooks
A Getting Started Guide For Azure Sentinel Notebooks.ipynbtutorials-and-examples/deprecated-notebooks
Example - Step-by-Step Linux-Windows-Office Investigation.ipynbtutorials-and-examples/deprecated-notebooks
Get Started.ipynbtutorials-and-examples/deprecated-notebooks
\n" ] } ], "source": [ "print(\"\\n\".join(tutorials_table))" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Scenario Notebooks ToC" ] }, { "cell_type": "code", "execution_count": 43, "metadata": {}, "outputs": [ { "data": { "text/html": [ "\n", "\n", "
NotebookFolder
AffectedKeyCredentials-CVE-2021-42306.ipynbscenario-notebooks
AutomatedNotebooks-IncidentTriage.ipynbscenario-notebooks
AutomatedNotebooks-Manager.ipynbscenario-notebooks
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynbscenario-notebooks
Guided Hunting - Office365-Exploring.ipynbscenario-notebooks
Guided Investigation - MDE Webshell Alerts.ipynbscenario-notebooks
Guided Investigation - WAF data.ipynbscenario-notebooks
Guided Analysis - User Security Metadata.ipynbscenario-notebooks/UserSecurityMetadata
" ], "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "scenario_table = [*table_header]\n", "for folder, nb_name, nb_path in sorted_table:\n", " if folder.startswith(\"scenario\"):\n", " scenario_table.append(f\"{nb_name}{folder}\")\n", "\n", "scenario_table.append(\"\")\n", "\n", "display(HTML(\"\".join(scenario_table)))" ] }, { "cell_type": "code", "execution_count": 44, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "\n", "\n", " \n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "
NotebookFolder
AffectedKeyCredentials-CVE-2021-42306.ipynbscenario-notebooks
AutomatedNotebooks-IncidentTriage.ipynbscenario-notebooks
AutomatedNotebooks-Manager.ipynbscenario-notebooks
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynbscenario-notebooks
Guided Hunting - Office365-Exploring.ipynbscenario-notebooks
Guided Investigation - MDE Webshell Alerts.ipynbscenario-notebooks
Guided Investigation - WAF data.ipynbscenario-notebooks
Guided Analysis - User Security Metadata.ipynbscenario-notebooks/UserSecurityMetadata
\n" ] } ], "source": [ "print(\"\\n\".join(scenario_table))" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "\n", " \n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "\n", "
| Folder | Notebook |
|---|---|
| | A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb |
| | A Getting Started Guide For PowerShell AML Notebooks.ipynb |
| | A Tour of Cybersec notebook features.ipynb |
| | ConfiguringNotebookEnvironment.ipynb |
| | Credential Scan on Azure Blob Storage.ipynb |
| | Credential Scan on Azure Data Explorer.ipynb |
| | Credential Scan on Azure Log Analytics.ipynb |
| | Entity Explorer - Account.ipynb |
| | Entity Explorer - Domain and URL.ipynb |
| | Entity Explorer - IP Address.ipynb |
| | Entity Explorer - Linux Host.ipynb |
| | Entity Explorer - Windows Host.ipynb |
| | Guided Hunting - Anomalous Office365 Exchange Sessions.ipynb |
| | Guided Hunting - Azure Resource Explorer.ipynb |
| | Guided Hunting - Base64-Encoded Linux Commands.ipynb |
| | Guided Hunting - Covid-19 Themed Threats.ipynb |
| | Guided Investigation - Anomaly Lookup.ipynb |
| | Guided Investigation - Incident Triage.ipynb |
| | Guided Investigation - Process-Alerts.ipynb |
| | Guided Investigation - Solarwinds Post Compromise Activity.ipynb |
| | Guided Triage - Alerts.ipynb |
| | Hands-on 1. Data Discovery using Azure REST API.ipynb |
| | Hands-on 2. Surfing Data using Azure SDK.ipynb |
| | Machine Learning in Notebooks Examples.ipynb |
| scenario-notebooks | AffectedKeyCredentials-CVE-2021-42306.ipynb |
| scenario-notebooks | AutomatedNotebooks-IncidentTriage.ipynb |
| scenario-notebooks | AutomatedNotebooks-Manager.ipynb |
| scenario-notebooks | Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb |
| scenario-notebooks | Guided Hunting - Office365-Exploring.ipynb |
| scenario-notebooks | Guided Investigation - MDE Webshell Alerts.ipynb |
| scenario-notebooks | Guided Investigation - WAF data.ipynb |
| src/Test | papermill_test_runner.ipynb |
| tutorials-and-examples/deprecated-notebooks | A Getting Started Guide For Azure Sentinel Notebooks.ipynb |
| tutorials-and-examples/deprecated-notebooks | Example - Step-by-Step Linux-Windows-Office Investigation.ipynb |
| tutorials-and-examples/deprecated-notebooks | Get Started.ipynb |
| tutorials-and-examples/deprecated-notebooks/BehaviorAnalytics/UserSecurityMetadata | Guided Analysis - User Security Metadata.ipynb |
| tutorials-and-examples/example-notebooks | Example - Azure Storage VT Hash Lookup.ipynb |
| tutorials-and-examples/example-notebooks | Example - Guided Hunting - Office365-Exploring.ipynb |
| tutorials-and-examples/example-notebooks | Example - Guided Investigation - Process-Alerts.ipynb |
| tutorials-and-examples/example-notebooks | M365 Defender - APIs ep3.ipynb |
| tutorials-and-examples/example-notebooks | M365 Defender - hunting.ipynb |
| tutorials-and-examples/example-notebooks | MDE APIs Demo Notebook.ipynb |
| tutorials-and-examples/example-notebooks | msticpy demo.ipynb |
| tutorials-and-examples/example-notebooks | MSTICPy Tour.ipynb |
| tutorials-and-examples/example-notebooks | Senserva Connections Graph Notebook.ipynb |
| tutorials-and-examples/example-notebooks | SigmaRuleImporter.ipynb |
| tutorials-and-examples/example-notebooks | VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb |
| tutorials-and-examples/feature-tutorials | AnomalousSequence.ipynb |
| tutorials-and-examples/feature-tutorials | AzureBlobStorage.ipynb |
| tutorials-and-examples/feature-tutorials | AzureSentinelAPIs.ipynb |
| tutorials-and-examples/feature-tutorials | Base64Unpack.ipynb |
| tutorials-and-examples/feature-tutorials | DataObfuscation.ipynb |
| tutorials-and-examples/feature-tutorials | DataUploader.ipynb |
| tutorials-and-examples/feature-tutorials | DataViewer.ipynb |
| tutorials-and-examples/feature-tutorials | Data_Queries.ipynb |
| tutorials-and-examples/feature-tutorials | EventClustering.ipynb |
| tutorials-and-examples/feature-tutorials | EventTimeline.ipynb |
| tutorials-and-examples/feature-tutorials | FoliumMap.ipynb |
| tutorials-and-examples/feature-tutorials | GeoIPLookups.ipynb |
| tutorials-and-examples/feature-tutorials | IoCExtract.ipynb |
| tutorials-and-examples/feature-tutorials | MDATPQuery.ipynb |
| tutorials-and-examples/feature-tutorials | MordorData.ipynb |
| tutorials-and-examples/feature-tutorials | MPSettingsEditor.ipynb |
| tutorials-and-examples/feature-tutorials | NotebookWidgets.ipynb |
| tutorials-and-examples/feature-tutorials | PivotFunctions-Introduction.ipynb |
| tutorials-and-examples/feature-tutorials | PivotFunctions.ipynb |
| tutorials-and-examples/feature-tutorials | ProcessTree.ipynb |
| tutorials-and-examples/feature-tutorials | ResourceGraphDriver.ipynb |
| tutorials-and-examples/feature-tutorials | Splunk-DataConnector.ipynb |
| tutorials-and-examples/feature-tutorials | SqlToKql.ipynb |
| tutorials-and-examples/feature-tutorials | Sumologic-DataConnector.ipynb |
| tutorials-and-examples/feature-tutorials | TimeSeriesAnomaliesVisualization.ipynb |
| tutorials-and-examples/feature-tutorials | TIProviders.ipynb |
| tutorials-and-examples/feature-tutorials | VirusTotalLookup.ipynb |
| tutorials-and-examples/feature-tutorials | VTLookupV3.ipynb |
| tutorials-and-examples/how-tos | Adding Hunting Bookmarks.ipynb |
| tutorials-and-examples/how-tos | Adding Secrets to Azure Key Vault.ipynb |
| tutorials-and-examples/how-tos | Automation Gallery - Credential Scan on Azure Blob Storage.ipynb |
| tutorials-and-examples/how-tos | Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb |
| tutorials-and-examples/how-tos | Automation Setup - Configure Azure Machine Learning Pipelines.ipynb |
| tutorials-and-examples/how-tos | Azure Sentinel Query Creator.ipynb |
| tutorials-and-examples/how-tos | Configurate Azure ML and Azure Synapse Analytics.ipynb |
| tutorials-and-examples/how-tos | Notebook Template.ipynb |
| tutorials-and-examples/how-tos | Provisioning DSVM.ipynb |
| tutorials-and-examples/how-tos | TroubleShootingNotebooks.ipynb |
| tutorials-and-examples/other-language-kernels | A Getting Started Guide For CSharp AML Notebooks.ipynb |
| tutorials-and-examples/training-notebooks | A Python Crash Course - Part 1 - Fundamentals.ipynb |
| tutorials-and-examples/training-notebooks | Training - MSTICPy Training 1221.ipynb |
| tutorials-and-examples/training-notebooks | Training - MSTICPy Training 3 - 2022-01-13.ipynb |
" ] } ], "metadata": { "interpreter": { "hash": "2bc37074a50de3994d4ebdf9197e864a43c9c15c9793b7f9f3363bcff9457253" }, "kernelspec": { "display_name": "Python 3.9.7", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.9.7" }, "orig_nbformat": 4 }, "nbformat": 4, "nbformat_minor": 2 }