This is a collection of sample and tutorial notebooks and articles:

- example-notebooks: Examples of techniques or features
- feature-tutorials: MSTICPy feature tutorial notebooks
- how-tos: Articles and notebooks illustrating specific techniques
- other-language-kernels: Notebooks using alternative kernels
- training-notebooks: Notebooks used in training webinars
- deprecated-notebooks: Older, deprecated notebooks

| Notebook | Folder |
|---|---|
| Example - Azure Storage VT Hash Lookup.ipynb | tutorials-and-examples/example-notebooks |
| Example - Guided Hunting - Office365-Exploring.ipynb | tutorials-and-examples/example-notebooks |
| Example - Guided Investigation - Process-Alerts.ipynb | tutorials-and-examples/example-notebooks |
| M365 Defender - APIs ep3.ipynb | tutorials-and-examples/example-notebooks |
| M365 Defender - hunting.ipynb | tutorials-and-examples/example-notebooks |
| MDE APIs Demo Notebook.ipynb | tutorials-and-examples/example-notebooks |
| MSTICPy Tour.ipynb | tutorials-and-examples/example-notebooks |
| Senserva Connections Graph Notebook.ipynb | tutorials-and-examples/example-notebooks |
| SigmaRuleImporter.ipynb | tutorials-and-examples/example-notebooks |
| VirusTotal File Behavior Explorer - MS and Sysmon detonation.ipynb | tutorials-and-examples/example-notebooks |
| msticpy demo.ipynb | tutorials-and-examples/example-notebooks |
| AnomalousSequence.ipynb | tutorials-and-examples/feature-tutorials |
| AzureBlobStorage.ipynb | tutorials-and-examples/feature-tutorials |
| AzureSentinelAPIs.ipynb | tutorials-and-examples/feature-tutorials |
| Base64Unpack.ipynb | tutorials-and-examples/feature-tutorials |
| DataObfuscation.ipynb | tutorials-and-examples/feature-tutorials |
| DataUploader.ipynb | tutorials-and-examples/feature-tutorials |
| DataViewer.ipynb | tutorials-and-examples/feature-tutorials |
| Data_Queries.ipynb | tutorials-and-examples/feature-tutorials |
| EventClustering.ipynb | tutorials-and-examples/feature-tutorials |
| EventTimeline.ipynb | tutorials-and-examples/feature-tutorials |
| FoliumMap.ipynb | tutorials-and-examples/feature-tutorials |
| GeoIPLookups.ipynb | tutorials-and-examples/feature-tutorials |
| IoCExtract.ipynb | tutorials-and-examples/feature-tutorials |
| MDATPQuery.ipynb | tutorials-and-examples/feature-tutorials |
| MPSettingsEditor.ipynb | tutorials-and-examples/feature-tutorials |
| MordorData.ipynb | tutorials-and-examples/feature-tutorials |
| NotebookWidgets.ipynb | tutorials-and-examples/feature-tutorials |
| PivotFunctions-Introduction.ipynb | tutorials-and-examples/feature-tutorials |
| PivotFunctions.ipynb | tutorials-and-examples/feature-tutorials |
| ProcessTree.ipynb | tutorials-and-examples/feature-tutorials |
| ResourceGraphDriver.ipynb | tutorials-and-examples/feature-tutorials |
| Splunk-DataConnector.ipynb | tutorials-and-examples/feature-tutorials |
| SqlToKql.ipynb | tutorials-and-examples/feature-tutorials |
| Sumologic-DataConnector.ipynb | tutorials-and-examples/feature-tutorials |
| TIProviders.ipynb | tutorials-and-examples/feature-tutorials |
| TimeSeriesAnomaliesVisualization.ipynb | tutorials-and-examples/feature-tutorials |
| VTLookupV3.ipynb | tutorials-and-examples/feature-tutorials |
| VirusTotalLookup.ipynb | tutorials-and-examples/feature-tutorials |
| Adding Hunting Bookmarks.ipynb | tutorials-and-examples/how-tos |
| Adding Secrets to Azure Key Vault.ipynb | tutorials-and-examples/how-tos |
| Automation Gallery - Credential Scan on Azure Blob Storage.ipynb | tutorials-and-examples/how-tos |
| Automation Setup - Configure Azure Machine Learning Compute Cluster and Managed Identity.ipynb | tutorials-and-examples/how-tos |
| Automation Setup - Configure Azure Machine Learning Pipelines.ipynb | tutorials-and-examples/how-tos |
| Azure Sentinel Query Creator.ipynb | tutorials-and-examples/how-tos |
| Configurate Azure ML and Azure Synapse Analytics.ipynb | tutorials-and-examples/how-tos |
| Notebook Template.ipynb | tutorials-and-examples/how-tos |
| Provisioning DSVM.ipynb | tutorials-and-examples/how-tos |
| TroubleShootingNotebooks.ipynb | tutorials-and-examples/how-tos |
| A Getting Started Guide For CSharp AML Notebooks.ipynb | tutorials-and-examples/other-language-kernels |
| A Python Crash Course - Part 1 - Fundamentals.ipynb | tutorials-and-examples/training-notebooks |
| Training - MSTICPy Training 1221.ipynb | tutorials-and-examples/training-notebooks |
| Training - MSTICPy Training 3 - 2022-01-13.ipynb | tutorials-and-examples/training-notebooks |
| A Getting Started Guide For Azure Sentinel Notebooks.ipynb | tutorials-and-examples/deprecated-notebooks |
| Example - Step-by-Step Linux-Windows-Office Investigation.ipynb | tutorials-and-examples/deprecated-notebooks |
| Get Started.ipynb | tutorials-and-examples/deprecated-notebooks |

You can view any of the notebooks directly on GitHub just by clicking on them.
For higher-fidelity rendering, we'd recommend Jupyter nbviewer.

- Open a notebook here and copy the URL (or copy a link from the table above)
- Go to https://nbviewer.jupyter.org/ and paste the URL into the location text box.
- Hit the Go! button