New Blog Post | Using Code Snippets to build your own Sentinel Notebooks

Microsoft


Azure Sentinel Notebooks - Code Snippets (microsoft.com)

As discussed in Part 1 of this series, the Notebooks service is a powerful and integral part of Microsoft Sentinel that augments your analysis during threat hunting, incident triage and investigation.

When creating a custom notebook, you can use the Sentinel code snippets to quickly add the foundational structure: setting up the environment for MSTICPy, configuring the parameters, authenticating to Azure and Log Analytics, and querying the data.

Four code snippets are currently available for Sentinel Notebooks:

  1. Get Configuration parameters
  2. Set up environment for msticpy
  3. Authenticate into Azure resources
  4. Authenticate into Azure Log Analytics

You can access the code snippets by typing the keyword “Sentinel” in a notebook code cell.
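
As an added illustration (not one of the Sentinel snippets and not code from the original post), the sketch below shows what the configuration step feeds into the Log Analytics authentication step: it validates the workspace parameters before they are interpolated into a connection string. The `config.json` key names, the sample values and the `loganalytics://code()` connection-string form are assumptions, not taken from the post.

```python
import json
import uuid

# Constructed sample values; the key names are an assumption, not taken from the post.
SAMPLE_CONFIG = """{
  "tenant_id": "11111111-2222-3333-4444-555555555555",
  "subscription_id": "66666666-7777-8888-9999-000000000000",
  "resource_group": "rg-sentinel-example",
  "workspace_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
  "workspace_name": "ws-sentinel-example"
}"""

GUID_KEYS = ("tenant_id", "subscription_id", "workspace_id")
NAME_KEYS = ("resource_group", "workspace_name")


def is_canonical_guid(value):
    """True only for the 8-4-4-4-12 hex form, so no quotes or braces slip through."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def load_sentinel_config(text):
    """Parse the config JSON and reject missing or malformed parameters."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        raise ValueError("config must be a JSON object")
    problems = [f"{k}: not a GUID" for k in GUID_KEYS if not is_canonical_guid(cfg.get(k))]
    problems += [f"{k}: missing or empty" for k in NAME_KEYS
                 if not isinstance(cfg.get(k), str) or not cfg[k].strip()]
    if problems:
        raise ValueError("; ".join(problems))
    return {k: cfg[k] for k in GUID_KEYS + NAME_KEYS}


def log_analytics_connection_string(cfg):
    """Build the device-code connection string from validated GUIDs only (assumed format)."""
    return (f'loganalytics://code().tenant("{cfg["tenant_id"]}")'
            f'.workspace("{cfg["workspace_id"]}")')


if __name__ == "__main__":
    print(log_analytics_connection_string(load_sentinel_config(SAMPLE_CONFIG)))
```

Validating the GUIDs before building the string means a tampered or mistyped `config.json` fails loudly instead of pointing the notebook at an unintended tenant or workspace.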
