What's new: The new Azure Sentinel Notebooks experience is now in public preview!
Published Sep 22 2020 02:02 PM 4,529 Views

We are happy to announce the public preview for the new and revamped customizable Jupyter notebook experience running on the Azure Machine Learning (AML) platform for analyzing your security data, all within a secure Azure cloud environment!


The new user experience provides an updated interactive UI with Intellisense for improved productivity, support for existing Jupyter and JupyterLab experiences, dedicated notebook compute, as well as point-in-time notebook snapshots and a notebook file explorer for easy notebook collaboration. In addition, take advantage of built-in security analytics via Jupyter notebook templates and the MSTICPy Python library help jumpstart your security analytics and operations.


Whether you are a seasoned security analyst with extensive Python and Jupyter experience, or just starting out, you can immediately start experiencing these benefits by adding Jupyter notebooks to your threat defender arsenal. 


We highly recommend you check out the Getting started with Azure Sentinel Notebooks video and the official documentation to get started.


New intuitive and approachable UI

A new UI experience based on the open source Nteract project. This simple and intuitive UI focuses on delivering simplicity and ease-of-use with full IntelliSense and inline error highlighting directly in your notebooks, drag-and-droppable cells, individual tabs for each notebook, inline toolbars and less clutter. Support for Jupyter and JupyterLab experiences and 10X faster Azure Sentinel notebook launch times.



Improved collaboration and versioning

Easily share notebooks and other artifacts with other security analysts across your team and/or organization.  A new notebook file explorer to browse your notebooks and your team’s notebooks in one place making it easier to collaborate.  Revert changes or review prior data by using the new check-point feature to take point-in-time notebook snapshots.



Managed and flexible compute with additional security features

Pay only for the resources you consume with fully managed dedicated cloud-based compute for executing your notebook workloads.  Terminal access to your notebook compute. Ability to install custom Jupyter kernels (such as PowerShell and C#). Azure Resource Manager (ARM) templates for compute deployments (article). Additional security features such as RBAC and SSH policy options available today with VNET support coming in the fall.    



Happy threat hunting and investigation!




Version history
Last update:
‎Nov 02 2021 06:12 PM
Updated by: