MSTICPy Tutorial notebooks
This folder contains short notebooks that demonstrate specific features of MSTICPy such as the process tree, shown below.
MSTICPy is the Python package that powers many of the CyberSec notebooks in Microsoft Sentinel.
You can find out more details and documentation of these features on the MSTICPy ReadTheDocs Site.
Many of the notebooks in this folder use local data so don't require a Microsoft Sentinel logon to run.
Running the notebooks in Azure Machine Learning
The simplest way to get these notebooks into your AML workspace is to clone the GitHub repository into your workspace folders.
You can run the git commands from an existing notebook or from a terminal on your AML compute.
To clone the repo into a local "azure-sentinel-nb" folder (you can specify whatever name you prefer), type the following in a notebook cell and run it:
The command is the same if you are running in a shell, except that you omit the leading "!".
This will create a copy of the GitHub repo contents in the "azure-sentinel-nb" folder of your user folder. You will find the tutorial notebooks in the MSTIC-TutorialNotebooks subfolder.
To update your copy of the notebooks, type the following into a notebook cell and run:
Or from the terminal:
If you have modified any of the notebooks, the pull command will fail.
To reset, use git reset --hard (copy any modified files out of the folder before running this, because the reset discards local changes).
Running the notebooks in mybinder
You can run these notebooks in mybinder.org. This is a free notebook execution environment available to the community.
Note: mybinder.org is a community resource. Please use it responsibly so that it remains available for others.
1. Select the notebook that you want to run.
2. Go to https://mybinder.org
3. Fill in the GitHub repository name ("https://github.com/Azure/Azure-Sentinel-Notebooks") and the notebook name (prefix with the path "MSTICPy-TutorialNotebooks/" as shown below).
4. Click the launch button.
