This is a collection of sample and tutorial notebooks and articles:

- example-notebooks: Examples of techniques or features
- feature-tutorials: MSTICPy feature tutorial notebooks
- how-tos: Articles and notebooks illustrating specific techniques
- other-language-kernels: Notebooks using alternative kernels
- training-notebooks: Notebooks used in training webinars
- deprecated-notebooks: Older, deprecated notebooks

Notebook | Folder |
---|---|
Example - Azure Storage VT Hash Lookup.ipynb | tutorials-and-examples/example-notebooks |
Example - Guided Hunting - Office365-Exploring.ipynb | tutorials-and-examples/example-notebooks |
Example - Guided Investigation - Process-Alerts.ipynb | tutorials-and-examples/example-notebooks |
M365 Defender - APIs ep3.ipynb | tutorials-and-examples/example-notebooks |
M365 Defender - hunting.ipynb | tutorials-and-examples/example-notebooks |
MDE APIs Demo Notebook.ipynb | tutorials-and-examples/example-notebooks |
MSTICPy Tour.ipynb | tutorials-and-examples/example-notebooks |
Senserva Connections Graph Notebook.ipynb | tutorials-and-examples/example-notebooks |
SigmaRuleImporter.ipynb | tutorials-and-examples/example-notebooks |
VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb | tutorials-and-examples/example-notebooks |
msticpy demo.ipynb | tutorials-and-examples/example-notebooks |
AnomalousSequence.ipynb | tutorials-and-examples/feature-tutorials |
AzureBlobStorage.ipynb | tutorials-and-examples/feature-tutorials |
AzureSentinelAPIs.ipynb | tutorials-and-examples/feature-tutorials |
Base64Unpack.ipynb | tutorials-and-examples/feature-tutorials |
DataObfuscation.ipynb | tutorials-and-examples/feature-tutorials |
DataUploader.ipynb | tutorials-and-examples/feature-tutorials |
DataViewer.ipynb | tutorials-and-examples/feature-tutorials |
Data_Queries.ipynb | tutorials-and-examples/feature-tutorials |
EventClustering.ipynb | tutorials-and-examples/feature-tutorials |
EventTimeline.ipynb | tutorials-and-examples/feature-tutorials |
FoliumMap.ipynb | tutorials-and-examples/feature-tutorials |
GeoIPLookups.ipynb | tutorials-and-examples/feature-tutorials |
IoCExtract.ipynb | tutorials-and-examples/feature-tutorials |
MDATPQuery.ipynb | tutorials-and-examples/feature-tutorials |
MPSettingsEditor.ipynb | tutorials-and-examples/feature-tutorials |
MordorData.ipynb | tutorials-and-examples/feature-tutorials |
NotebookWidgets.ipynb | tutorials-and-examples/feature-tutorials |
PivotFunctions-Introduction.ipynb | tutorials-and-examples/feature-tutorials |
PivotFunctions.ipynb | tutorials-and-examples/feature-tutorials |
ProcessTree.ipynb | tutorials-and-examples/feature-tutorials |
ResourceGraphDriver.ipynb | tutorials-and-examples/feature-tutorials |
Splunk-DataConnector.ipynb | tutorials-and-examples/feature-tutorials |
SqlToKql.ipynb | tutorials-and-examples/feature-tutorials |
Sumologic-DataConnector.ipynb | tutorials-and-examples/feature-tutorials |
TIProviders.ipynb | tutorials-and-examples/feature-tutorials |
TimeSeriesAnomaliesVisualization.ipynb | tutorials-and-examples/feature-tutorials |
VTLookupV3.ipynb | tutorials-and-examples/feature-tutorials |
VirusTotalLookup.ipynb | tutorials-and-examples/feature-tutorials |
Adding Hunting Bookmarks.ipynb | tutorials-and-examples/how-tos |
Adding Secrets to Azure Key Vault.ipynb | tutorials-and-examples/how-tos |
Automation Gallery - Credential Scan on Azure Blob Storage.ipynb | tutorials-and-examples/how-tos |
Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb | tutorials-and-examples/how-tos |
Automation Setup - Configure Azure Machine Learning Pipelines.ipynb | tutorials-and-examples/how-tos |
Azure Sentinel Query Creator.ipynb | tutorials-and-examples/how-tos |
Configurate Azure ML and Azure Synapse Analytics.ipynb | tutorials-and-examples/how-tos |
Notebook Template.ipynb | tutorials-and-examples/how-tos |
Provisioning DSVM.ipynb | tutorials-and-examples/how-tos |
TroubleShootingNotebooks.ipynb | tutorials-and-examples/how-tos |
A Getting Started Guide For CSharp AML Notebooks.ipynb | tutorials-and-examples/other-language-kernels |
A Python Crash Course - Part 1 - Fundamentals.ipynb | tutorials-and-examples/training-notebooks |
Training - MSTICPy Training 1221.ipynb | tutorials-and-examples/training-notebooks |
Training - MSTICPy Training 3 - 2022-01-13.ipynb | tutorials-and-examples/training-notebooks |
A Getting Started Guide For Azure Sentinel Notebooks.ipynb | tutorials-and-examples/deprecated-notebooks |
Example - Step-by-Step Linux-Windows-Office Investigation.ipynb | tutorials-and-examples/deprecated-notebooks |
Get Started.ipynb | tutorials-and-examples/deprecated-notebooks |

You can view any of the notebooks directly on GitHub just by clicking on them.
For higher-fidelity rendering, we recommend Jupyter nbviewer.

- Open a notebook here and copy the URL (or copy a link from the table above)
- Go to https://nbviewer.jupyter.org/ and paste the URL into the location text box.
- Hit the Go! button