jupyter
51 Topics

MSTIC Notebooklets - Fast Tracking CyberSec Jupyter Notebooks
MSTICnb is a companion package to MSTICpy. It is designed to be used in Jupyter notebooks by security operations engineers and analysts, to allow them to quickly and easily run common notebook patterns such as retrieving summary information about a host, an account or IP address.
4.8K views, 5 likes, 0 comments

Using Threat Intelligence in your Jupyter Notebooks
Use Threat Intelligence in your hunting/investigation notebooks? Ever wanted to look up an IoC in multiple TI providers without installing a bunch of packages or hand-crafting HTTP requests? TILookup is a multi-provider TI query module. It supports multiple providers like OTX, VirusTotal, Azure Sentinel and XForce (others in the pipeline and you can add your own).
17K views, 4 likes, 0 comments

Why Use Jupyter for Security Investigations?
"Why would I use Jupyter notebooks to work with Azure Sentinel data rather than the built-in query and investigation tools?" This article summarizes some of the reasons you might want to add Jupyter to your palette of investigation and hunting tools available in Azure Sentinel.
16K views, 3 likes, 0 comments

Copilot Explains - Error troubleshooting in Jupyter Notebooks
Data scientists and AI engineers love to work with Jupyter Notebooks because they make it so much easier to look at the result of each and every data exploration step or data modeling experiment and take decisions accordingly. However, Jupyter notebooks are not immune to errors, and sometimes understanding error messages (in particular if you aren’t a native English speaker or you are a beginner) and troubleshooting code might be painful and time-consuming.
4.9K views, 3 likes, 1 comment

What am I looking at? - Using Notebooks to gain situational awareness.
Contextual knowledge can have a big impact on a security analyst's decisions when triaging alerts and investigating threats. It can turn a seemingly innocuous logon event into a major incident. With Azure Sentinel’s integration with Azure Notebooks we have an ideal platform to collect and analyze contextual data to give analysts better situational awareness on the threats they are seeing.
5.9K views, 2 likes, 1 comment

MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
We recently the official release of MSTICPy. This is a good time to get an update on all that has changed in the world of Jupyter notebooks and MSTICPy in Azure Sentinel. In this (mainly) visual article we'll take you through a broad selection of the features and capabilities. Use the companion notebook to follow along at home!
9.6K views, 2 likes, 2 comments

Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
MSTICPy has, from its first release, supported lookups of VirusTotal (VT) data. The release of version 3 of the VT API brings a simpler way to discover relationships between indicators of compromise and to explore and manipulate these relationships in an interactive, graphical format. VT have brought some of these capabilities to MSTICPy to let you use these in Jupyter notebooks with Azure Sentinel or other data.
12K views, 2 likes, 1 comment