{
"cells": [
{
"cell_type": "markdown",
"metadata": {
"ExecuteTime": {
"end_time": "2019-09-25T19:53:48.349636Z",
"start_time": "2019-09-25T19:53:48.344638Z"
}
},
"source": [
"# Entity Explorer - Domain and URL\n",
" <details>\n",
"
\n",
" **Python Version:** Python 3.6 (including Python 3.6 - AzureML)
\n",
" **Required Packages**: kqlmagic, msticpy, pandas, numpy, matplotlib, networkx, ipywidgets, ipython, dnspython, ipwhois, folium, maxminddb_geolite2
\n",
" **Platforms Supported**:\n",
" - Azure Notebooks Free Compute\n",
" - Azure Notebooks DSVM\n",
" - OS Independent\n",
"\n",
" **Data Sources Required**:\n",
" - Log Analytics - Syslog, SecurityEvent, DnsEvents, CommonSecurityLog, AzureNetworkAnalytics_CL
\n",
"**TI Proviers Used**\n",
" - VirusTotal, Open Page Rank, BrowShot(all required for certain elements), AlienVault OTX, IBM XForce (optional) - all providers require accounts and API keys\n",
" </details>\n",
"\n",
"This Notebooks brings together a series of tools and techniques to enable threat hunting within the context of a domain name or URL that has been identified as of interest. It provides a series of techniques to assist in determining whether a domain or URL is malicious. Once this has been established it provides an overview of the scope of the domain or URL across an environment, along with indicators of areas for further investigation such as hosts of interest. "
]
},
{
"cell_type": "markdown",
"metadata": {
"toc": true
},
"source": [
"