Azure Sentinel Level 400: Hunting and using notebooks
Overview
• In this module you will learn how to hunt using Azure Sentinel.
Pre-requisites
• Azure Sentinel Overview module.
• KQL workshop.
Hunting
© Microsoft Corporation Azure
Visualize data sets
Notebooks
• A web app for creating and running interactive documents.
• Documents contain:
  • Live code
  • Visualizations
  • Narrative text
• App Server can be:
  • Free MS service
  • Azure VM, Local Docker
• Data persistence
• Full scripting/programming environment (vs. declarative query)
• Sharing, knowledge base
• Access to a wide variety of libraries:
  • Machine learning
  • Advanced data manipulation and analysis
  • Visualization
Also read Why Use Jupyter for Security Investigations
• Building notebooks on the fly
  • Tier 3 analysts requiring deep investigation capability
  • Hunters/Threat Intel analysts
• Authoring reusable notebooks
  • By Tier 3 analysts and SOC Engineering
  • For use as template notebooks by Tier 1+
• KQL Magic
• MSTICPY
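The deck's "full scripting environment vs. declarative query" and "data persistence" points, as an added example that is not part of the original slides: a bounded breadth-first pivot over logon events in plain Python, the kind of loop a notebook cell runs after a Kqlmagic query has pulled the rows. The `%%kql` query in the docstring, the sample rows and the function names are my assumptions; only the SecurityEvent 4624 column shape comes from Azure Sentinel.

```python
"""Added example, not from the Microsoft deck: an iterative pivot that a
notebook can run but a single declarative KQL query cannot. Starting from
one account of interest, walk account -> hosts it logged on to -> other
accounts seen on those hosts, to a bounded depth. LOGONS is constructed,
shaped like the columns a Kqlmagic cell such as
    %%kql
    SecurityEvent | where EventID == 4624 | project Account, Computer, LogonType
would return; in a real notebook replace it with that cell's result."""
from collections import deque
import json

# Constructed sample rows (SecurityEvent 4624 shape), not real telemetry.
LOGONS = [
    {"TimeGenerated": "2020-03-01T08:00Z", "Account": "CONTOSO\\alice",      "Computer": "WKS01", "LogonType": 2},
    {"TimeGenerated": "2020-03-01T08:05Z", "Account": "CONTOSO\\alice",      "Computer": "SRV01", "LogonType": 3},
    {"TimeGenerated": "2020-03-01T08:07Z", "Account": "CONTOSO\\svc_backup", "Computer": "SRV01", "LogonType": 3},
    {"TimeGenerated": "2020-03-01T09:00Z", "Account": "CONTOSO\\svc_backup", "Computer": "DC01",  "LogonType": 3},
    {"TimeGenerated": "2020-03-01T09:30Z", "Account": "CONTOSO\\bob",        "Computer": "WKS02", "LogonType": 2},
]

def pivot_logons(rows, start_account, max_depth=2):
    """Breadth-first walk over the bipartite account/host logon graph.
    Returns {("account" | "host", name): hops from start_account}."""
    edges = {}
    for r in rows:
        acct, host = ("account", r["Account"]), ("host", r["Computer"])
        edges.setdefault(acct, set()).add(host)
        edges.setdefault(host, set()).add(acct)
    start = ("account", start_account)
    seen = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if seen[node] >= max_depth:
            continue  # bounded depth keeps the pivot readable
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen[nxt] = seen[node] + 1
                queue.append(nxt)
    return seen

def save_pivot(seen, path=None):
    """Persist the result (the deck's 'data persistence' point) as JSON
    rows sorted by hop count; returns the rows, writes only if path given."""
    rows = [{"kind": k, "name": n, "hops": d}
            for (k, n), d in sorted(seen.items(), key=lambda kv: (kv[1], kv[0]))]
    if path:
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(rows, fh, indent=2)
    return rows
```

Raising `max_depth` by one reaches DC01 through the service account; the depth bound is what keeps a pivot from sprawling across the whole estate.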
Notebooks lab
Kqlmagic
Msticpy
Why Use Jupyter for Security Investigations