From the course: Implementing and Administering Microsoft Sentinel


Hunting with notebooks

- [Instructor] Sentinel supports hunting with notebooks, specifically the Jupyter Notebook, which is an open-source web application originally designed to allow data scientists to create and share documents that integrate live code, computational output and visualizations, along with explanatory text, in a single document. Now, in the hunting context within Sentinel, Jupyter notebooks allow us to create a playbook of investigation or hunting steps with narrative text, live code (generally speaking, Python) and visualizations. We can encapsulate all of the hunting steps in a reusable resource; we can document the process, making investigation a repeatable, collaborative process; and, perhaps just as importantly, we can make that process accessible to our junior team members by capturing the knowledge of our senior security analysts. So it's a great way to share the knowledge. There are many notebook templates available for Sentinel, accessible in the Sentinel interface, several focused on…