Skip to content

Latest commit

 

History

History

scenario-notebooks

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Automated-Notebooks
Automated-Notebooks
 
 
Hunting-Notebooks
Hunting-Notebooks
 
 
Tools
Tools
 
 
UserSecurityMetadata
UserSecurityMetadata
 
 
AffectedKeyCredentials-CVE-2021-42306.ipynb
AffectedKeyCredentials-CVE-2021-42306.ipynb
 
 
AutomatedNotebooks-IncidentTriage.ipynb
AutomatedNotebooks-IncidentTriage.ipynb
 
 
AutomatedNotebooks-Manager.ipynb
AutomatedNotebooks-Manager.ipynb
 
 
Export Historical Log Data.ipynb
Export Historical Log Data.ipynb
 
 
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb
 
 
Guided Hunting - Office365-Exploring.ipynb
Guided Hunting - Office365-Exploring.ipynb
 
 
Guided Hunting - Use Machine Learning to Detect Potential Low and Slow Password Sprays using Apache Spark via Azure Synapse.ipynb
Guided Hunting - Use Machine Learning to Detect Potential Low and Slow Password Sprays using Apache Spark via Azure Synapse.ipynb
 
 
Guided Investigation - MDE Webshell Alerts.ipynb
Guided Investigation - MDE Webshell Alerts.ipynb
 
 
Guided Investigation - WAF data.ipynb
Guided Investigation - WAF data.ipynb
 
 
Microsoft Sentinel Query Creator.ipynb
Microsoft Sentinel Query Creator.ipynb
 
 
README.md
README.md
 
 

README.md

Scenario Notebooks

This contains notebooks designed for use by you in Microsoft Sentinel. Some of these are intended to illustrate specific techniques or investigation approaches

List of notebooks

<style> .nb_table, th, td { border: 1px solid; text-align: left; border-collapse=collapse; margin-left: auto; margin-right: auto; } .width-f { width: 10px !important; } .width-nb { width: 300px !important; } </style>
NotebookFolder
AffectedKeyCredentials-CVE-2021-42306.ipynbscenario-notebooks
AutomatedNotebooks-IncidentTriage.ipynbscenario-notebooks
AutomatedNotebooks-Manager.ipynbscenario-notebooks
Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynbscenario-notebooks
Guided Hunting - Office365-Exploring.ipynbscenario-notebooks
Guided Investigation - MDE Webshell Alerts.ipynbscenario-notebooks
Guided Investigation - WAF data.ipynbscenario-notebooks
Guided Analysis - User Security Metadata.ipynbscenario-notebooks/UserSecurityMetadata

Viewing the notebooks

You can view any of the notebooks directly on GitHub just by clicking on them.

For higher fidelity rendering we'd recommend Jupyter nbviewer.

  • Open a notebook here and copy the URL (or copy the a link from the table above)
  • Go to https://nbviewer.jupyter.org/ and paste the URL into the location text box.
  • Hit the Go! button