jupyter
51 Topics

msticpy - Python Defender Tools
msticpy is a package of Python tools intended to be used for security investigations and hunting (primarily in Jupyter notebooks). The article gives an overview of many of the modules and classes in msticpy with illustrations of how they are used. [Note - superseded by a newer version - please see "MSTICPy and Jupyter Notebooks in Azure Sentinel"]
(17K views, 1 like, 2 comments)

Using Threat Intelligence in your Jupyter Notebooks
Use Threat Intelligence in your hunting/investigation notebooks? Ever wanted to look up an IoC in multiple TI providers without installing a bunch of packages or hand-crafting HTTP requests? TILookup is a multi-provider TI query module. It supports multiple providers such as OTX, VirusTotal, Azure Sentinel and XForce (others are in the pipeline, and you can add your own).
(17K views, 4 likes, 0 comments)

Why Use Jupyter for Security Investigations?
"Why would I use Jupyter notebooks to work with Azure Sentinel data rather than the built-in query and investigation tools?" This article summarizes some of the reasons you might want to add Jupyter to your palette of investigation and hunting tools available in Azure Sentinel.
(16K views, 3 likes, 0 comments)

Using the VirusTotal V3 API with MSTICPy and Azure Sentinel
MSTICPy has, from its first release, supported lookups of VirusTotal (VT) data. The release of version 3 of the VT API brings a simpler way to discover relationships between indicators of compromise and to explore and manipulate these relationships in an interactive, graphical format. VT have brought some of these capabilities to MSTICPy to let you use them in Jupyter notebooks with Azure Sentinel or other data.
(12K views, 2 likes, 1 comment)

MSTICPy and Jupyter Notebooks in Azure Sentinel, an update
MSTICPy recently reached its official release. This is a good time to get an update on all that has changed in the world of Jupyter notebooks and MSTICPy in Azure Sentinel. In this (mainly) visual article we'll take you through a broad selection of the features and capabilities. Use the companion notebook to follow along at home!
(9.6K views, 2 likes, 2 comments)

Explorer Notebook Series: The Linux Host Explorer
Azure Sentinel has integrated Azure Notebooks to allow security analysts to use Jupyter Notebooks to hunt and investigate threats. To support usage of Jupyter Notebooks, Microsoft has produced a range of explorer notebooks that let analysts leverage the capabilities and power of Notebooks to investigate common entities including: Linux Host, Windows Host, Domains & URL, IP Address, Process, and Office 365 activity. This blog will look in detail at the Linux Host Explorer Notebook, explain what each section of the Notebook is intended to do and how it should be used. Further blogs covering the other explorer Notebooks will be released over time.
(8.6K views, 1 like, 1 comment)