Scenario Notebooks
This folder contains notebooks designed for use in Microsoft Sentinel. Some of these are intended to illustrate specific techniques or investigation approaches.
List of notebooks
| Notebook | Folder |
|---|---|
| AffectedKeyCredentials-CVE-2021-42306.ipynb | scenario-notebooks |
| AutomatedNotebooks-IncidentTriage.ipynb | scenario-notebooks |
| AutomatedNotebooks-Manager.ipynb | scenario-notebooks |
| Guided Hunting - Detect potential network beaconing using Apache Spark via Azure Synapse.ipynb | scenario-notebooks |
| Guided Hunting - Office365-Exploring.ipynb | scenario-notebooks |
| Guided Investigation - MDE Webshell Alerts.ipynb | scenario-notebooks |
| Guided Investigation - WAF data.ipynb | scenario-notebooks |
| Guided Analysis - User Security Metadata.ipynb | scenario-notebooks/UserSecurityMetadata |
Viewing the notebooks
You can view any of the notebooks directly on GitHub just by clicking on them.
For higher fidelity rendering we'd recommend Jupyter nbviewer.
Open a notebook here and copy the URL (or copy a link from the table above).
Go to https://nbviewer.jupyter.org/ and paste the URL into the location text box.
Hit the Go! button.