Becoming an Azure Sentinel Notebooks ninja - the series!

Published Aug 27 2021 11:12 AM 6,654 Views
Microsoft

Hi, all!

 

Welcome to a new series on Azure Sentinel Notebooks!  In this post, we want to introduce everyone to the Notebooks feature of Azure Sentinel and provide some basic knowledge that we’ll build on throughout this series.

 

The series will take the following form:

  • Part 1: What are notebooks and when do you need them? – this post
  • Part 2: How to get started with notebooks and tour of the features (https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-notebooks-ninja-part-2-getting-started-with-azure/ba-p/2716661)
  • Part 3: Overview of the pre-built notebooks and how to use them (https://cda.ms/2HH)
  • Part 4: How to create your own notebooks from scratch and how to customize the existing ones

The diagram below demonstrates a structured learning pathway for you to become an Azure Sentinel Notebooks ninja and earn a Ninja certificate.

[Image: Notebook ninja training series.png]

 

What are notebooks and when do you need them?

 

We have a number of features built into Azure Sentinel that share the “books” nomenclature, i.e., Playbooks, Workbooks, and Notebooks – so it can be confusing at times.

 

Playbooks, of course, are based on Azure Logic Apps and supply some of the automation capabilities for Azure Sentinel. Workbooks are provided for analysts and SOC managers to build interactive views and reports of the Azure Sentinel data.

 

Notebooks should be an integral part of the security team’s daily processes, particularly those security teams using Azure Sentinel as their SIEM of choice.

 

The Notebooks feature in Azure Sentinel is built on Jupyter Notebooks, an open-source web application that allows anyone to create and share documents that contain live code, equations, visualizations, and narrative text. Its name is derived from the scripting languages it was originally built around: JUlia, PYThon, and R.

 

Jupyter Notebooks gained their popularity in various data science and scientific computing communities such as genome research, astronomy, finance, and stock market prediction, among others. Their effective and reliable ability to dynamically parse and present data opened a logical pathway of interest to the cybersecurity field, and they have increasingly become a key tool for cybersecurity operations.

 

In Why Use Jupyter for Security Investigations? (https://cda.ms/2tf), @ianhelle provides some great context for using Jupyter Notebooks for cybersecurity operations, including the capability for accessing and including external data, providing a true scripting and programming environment, and providing a set of steps that are restartable and repeatable.

 

Think of a notebook like OneNote on steroids. Just like OneNote, you can store valuable information like text and pictures, but in the case of notebooks, that data is interactive.

 

In short…

  • Notebooks can be artifact storage – data persistence, repeatability and backtracking allow analysts to collect and store evidence and collateral to improve response the next time a similar event occurs.
  • Notebooks can be interactive – storing more than just pieces of information, notebooks can execute the scripts they store and produce data results inline, which can be used to build a more efficient and more intelligent approach to investigations and hunting.
  • Notebooks can be interoperable – notebooks enable deeper programmatic abilities to connect to, store, and use external data dynamically.
  • Notebooks can be guides – through sophisticated data processing, machine learning, and visualization, notebooks guide analysts through every step of an investigation or hunt to expose, mitigate, and remediate threats to the environment.

 

Notebooks in Azure Sentinel extend the capabilities of the overall product. Out-of-the-box, every Azure Sentinel instance comes with several ready-made notebooks that provide use cases for things like:

  • Scanning for credential leaks in your database environment (https://cda.ms/2t3)
  • Detecting malicious base64-encoded commands on Linux hosts (https://www.youtube.com/watch?v=wC_2aBbtCWM)
  • Generating baselines in network activities (https://cda.ms/2t4)
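To make the "In short…" points above concrete, and to show in miniature what a notebook like the base64-command detection one does, here is an added Python example written for this post. It is not code from the post, from the built-in notebooks it links, or from MSTICPy. It assumes a handful of constructed Linux process-creation event lines, a constructed host inventory standing in for the external asset data a notebook would query, and a simple heuristic (decode any long base64-looking token and check whether the result reads like a shell command). One function parses the raw events, one decodes and classifies tokens, one enriches each hit from the inventory, and the last serializes the findings so they can be persisted as evidence and compared on the next run:

```python
import base64
import json
import re
from typing import Dict, List, Optional

# Constructed sample of Linux process-creation events in a syslog-like layout.
# These lines were written for this example; they are not real telemetry.
SAMPLE_EVENTS = [
    '2021-08-27T10:01:02Z host=web01 user=www-data cmd="sh -c \'echo aWQ7IHVuYW1lIC1h | base64 -d | sh\'"',
    '2021-08-27T10:02:15Z host=build02 user=ci cmd="tar -czf artifact.tgz ./dist"',
    '2021-08-27T10:03:44Z host=web01 user=alice cmd="echo SGVsbG8sIHdvcmxkIQ== > greeting.txt"',
    '2021-08-27T10:04:01Z host=db01 user=postgres cmd="bash -c \'echo bHMgLWxhIC90bXA7IGlk | base64 --decode | bash\'"',
]

# Constructed host inventory used as the "external data" enrichment source.
# Assumption: a real notebook would pull this from a CMDB or asset table instead.
HOST_INVENTORY: Dict[str, Dict[str, str]] = {
    "web01": {"owner": "web-team", "zone": "dmz"},
    "db01": {"owner": "data-platform", "zone": "internal"},
}

EVENT_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')
# A run of 16+ base64 alphabet characters with optional padding.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Heuristic: decoded text starts with, or contains after a separator, a common shell utility.
SHELLISH_RE = re.compile(r"(^|[;&|\s])(id|whoami|uname|ls|cat|sh|bash|curl|wget|chmod)\b")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one event line into its fields; return None if the line does not match the layout."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def decode_if_command(token: str) -> Optional[str]:
    """Return the decoded text if the token is valid base64 that reads like a shell command."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # bad alphabet, bad padding, or non-ASCII bytes: not a command string
        return None
    if not text.isprintable():
        return None
    return text if SHELLISH_RE.search(text) else None


def analyze_events(lines: List[str]) -> List[Dict[str, str]]:
    """Run the investigation step over raw lines and return one enriched evidence record per hit."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for token in B64_TOKEN_RE.findall(ev["cmd"]):
            decoded = decode_if_command(token)
            if decoded is None:
                continue
            inv = HOST_INVENTORY.get(ev["host"], {"owner": "unknown", "zone": "unknown"})
            findings.append({
                "timestamp": ev["ts"],
                "host": ev["host"],
                "user": ev["user"],
                "encoded": token,
                "decoded": decoded,
                "host_owner": inv["owner"],
                "host_zone": inv["zone"],
            })
    return findings


def evidence_json(findings: List[Dict[str, str]]) -> str:
    """Serialize findings so the notebook can persist them and a later run can diff against them."""
    return json.dumps(findings, indent=2, sort_keys=True)


if __name__ == "__main__":
    # In a notebook each function above would be its own cell, re-runnable on its own.
    print(evidence_json(analyze_events(SAMPLE_EVENTS)))
```

Run as a script it prints two evidence records (the `web01` and `db01` events); the benign `greeting.txt` line decodes cleanly but is not shell-like, so it is not reported. The value of the notebook form is that each step stays a named, restartable unit: swap `SAMPLE_EVENTS` for a real query result and `HOST_INVENTORY` for a live lookup and the rest of the cells are unchanged.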

To have a better understanding of who needs to use which “book” and when, the following table breaks these areas down side-by-side per suggested role along with providing the uses and pros and cons for each.

 

Roles

  Playbooks:
  • SOC engineers
  • Analysts of all tiers

  Workbooks:
  • SOC engineers
  • Analysts of all tiers
  • SOC managers

  Notebooks:
  • Threat hunters/Tier 2-3 analysts
  • Incident investigators
  • Cyber data scientists
  • Security researchers

Uses

  Playbooks – automation of simpler, repeatable tasks:
  • Ingestion – bring in external data
  • Enrichment (TI, GeoIP lookups, etc.)
  • Investigation
  • Remediation

  Workbooks:
  • Visualization

  Notebooks:
  • Querying Azure Sentinel & external data
  • Enrichment (TI, GeoIP, WhoIs lookups, etc.)
  • Investigation
  • Visualization
  • Hunting
  • Machine Learning & big data analytics

Pros

  Playbooks:
  • Best for single, repeatable tasks
  • No coding knowledge required

  Workbooks:
  • Best for high-level view of Sentinel data
  • No coding knowledge required

  Notebooks:
  • Best for more complex chain of repeatable tasks
  • Ad-hoc, more procedural control – easy to pivot due to the interactive characteristics and the use of Python, a procedural language
  • Rich Python libraries for data manipulation & visualization options
  • Machine Learning & custom analysis
  • Easy to document & share analysis evidence

Cons

  Playbooks:
  • Not suitable for ad-hoc & complex chain of tasks
  • Not great for documenting & sharing evidence

  Workbooks:
  • Cannot integrate with external data

  Notebooks:
  • Higher learning curve - requires coding knowledge *
  • Limited automated execution (https://techcommunity.microsoft.com/t5/azure-sentinel/software-defined-monitoring-using-automated-notebooks-and-azure/ba-p/2587775) (automation capabilities should be improved in the near future)

 

* Anyone can use our built-in notebooks without coding knowledge, but additional skill sets are involved in taking notebooks to an advanced level. This is one of the reasons for the effort behind this Azure Sentinel Notebook Ninja series, and also a big reason for an upcoming public-facing, free training series for Azure Sentinel Notebooks.

 

For those that have already registered, the first session is scheduled for September 30, 2021. If you want to be included in additional training sessions, register using the form.

 

To register visit https://aka.ms/NotebookTraining and fill out the form.

 

We are super-excited to be bringing this series (and the training) to you! Look for more great knowledge on Azure Sentinel Notebooks as we supply new installments of this series.

 

Additionally, we've launched a brand new email DL specifically for Azure Sentinel Notebooks: asinotebooks@service.microsoft.com. This DL is monitored by various product teams and is intended to be used to collect and respond to questions, issues, and feedback.

 

Stay tuned!

 

More reading/tutorial resources:

  • Blog: Why Jupyter notebooks are a key tool to SecOps (https://techcommunity.microsoft.com/t5/azure-sentinel/why-use-jupyter-for-security-investigations/ba-p/475729)
  • Webinar: How to get started - Azure Sentinel notebooks (https://cda.ms/2t8)
  • Webinar: Software-defined monitoring - Using automated notebooks and Azure Sentinel to improve SecOps (https://cda.ms/2t6)
  • Webinar: Customizing Azure Sentinel with Python - MSTICPy and Jupyter Notebooks (https://cda.ms/2t7)
  • Notebook examples on the Azure Sentinel GitHub Repository (https://cda.ms/2tb)
  • Project Jupyter (https://cda.ms/2tc)
  • Azure Sentinel Weekly Newsletter (https://cda.ms/2HF)

Special thanks to my dear colleague, @rodtrent, for his major collaboration on this blog series and drafting this post!

Version history: last update Sep 21 2021 09:48 AM