New Blog Post | Visualize User & App Access Connections in Azure using Jupyter Notebooks in Sentinel

%3CLINGO-SUB%20id%3D%22lingo-sub-3180602%22%20slang%3D%22en-US%22%3ENew%20Blog%20Post%20%7C%20Visualize%20User%20%26amp%3B%20App%20Access%20Connections%20in%20Azure%20using%20Jupyter%20Notebooks%20in%20Sentinel%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3180602%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22AshleyMartin_0-1645123080487.png%22%20style%3D%22width%3A%20668px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F349154i8B90FAC1ECE2A644%2Fimage-dimensions%2F668x514%3Fv%3Dv2%22%20width%3D%22668%22%20height%3D%22514%22%20role%3D%22button%22%20title%3D%22AshleyMartin_0-1645123080487.png%22%20alt%3D%22AshleyMartin_0-1645123080487.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-sentinel-blog%2Fvisualize-user-and-app-access-connections-in-azure-using-jupyter%2Fba-p%2F3167987%22%20target%3D%22_blank%22%3EVisualize%20User%20and%20App%20Access%20Connections%20in%20Azure%20using%20Jupyter%20Notebooks%20in%20Microsoft%20Sentinel%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EMy%20name%20is%20TJ%20Dolan%2C%20I%20am%20a%20founder%20of%20Senserva%2C%20a%20Microsoft%20focused%20security%20solutions%20vendor.%26nbsp%3B%20We%20create%20innovative%20security%20data%20driven%20solutions%20with%20the%20goal%20of%20making%20both%20cloud%20administrators%20and%20security%20experts%20life%E2%80%99s%20a%20little%20easier%20via%20the%20automation%20of%20critical%20and%20often%20time-consuming%20tasks.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAs%20the%20leader%20of%20the%20Senserva%20product%20development%20efforts%2C%20I%20am%20always%20pushing%20us%20to%20learn%20and%20do%20new%20things%20as%20we%20work%20to%20help%20users%20of%20Microsoft%20Sentinel%20and%20Azure%20in%20general.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EI%20jumped%20when%20I%20saw%20a%20post%20from%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Frodtrent%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3ERod%20Trent%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bthat%20talked%20about%20a%20Microsoft%20Sentinel%20Hackathon%20using%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsentinel%2Fnotebooks%3Ftabs%3Dpublic-endpoint%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22none%22%3ESentinel%20Notebooks%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%20We%20had%20been%20working%20with%20KQL%20and%20Sentinel%20Workbooks%20but%20we%20struggled%20with%20not%20having%20a%20procedural%20computer%20language%20and%20our%20queries%20where%20getting%20more%20and%20more%20complex.%26nbsp%3B%20I%20knew%20right%20away%20Notebooks%20would%20solve%20this%20problem%2C%20and%20maybe%2C%20just%20maybe%2C%20we%20would%20win%20the%20Hackathon%20to%20boot.%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EWhile%20we%20did%20not%20win%20that%20the%20main%20Hackathon%20prize%2C%20we%20won%20an%20even%20bigger%20one.%26nbsp%3B%20We%20started%20using%20Azure%20Notebooks%20and%20we%20quickly%20were%20creating%20great%20reports%2C%20pulling%20the%20same%20data%20from%20the%20Log%20Analytics%20Workspace%20as%20we%20have%20always%20done.%26nbsp%3B%20Soon%20our%20entire%20team%20was%20learning%20and%20using%20Notebooks.%26nbsp%3B%20Now%20it%20is%20how%20we%20do%20our%20deep%20user%20interfaces.%26nbsp%3B%20Queries%20are%20great%20for%20getting%20a%20lot%20of%20different%20data%20quickly%2C%20and%20Notebooks%20show%20it%20easily.%20For%20the%20complicated%20tasks%20we%20want%20to%20solve%20for%20our%20customers%2C%20our%20driving%20goal%2C%20we%20needed%20Notebooks.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3180602%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20Sentinel%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

AshleyMartin_0-1645123080487.png

Visualize User and App Access Connections in Azure using Jupyter Notebooks in Microsoft Sentinel - M...

My name is TJ Dolan, I am a founder of Senserva, a Microsoft focused security solutions vendor.  We create innovative security data driven solutions with the goal of making both cloud administrators and security experts life’s a little easier via the automation of critical and often time-consuming tasks. 

 

As the leader of the Senserva product development efforts, I am always pushing us to learn and do new things as we work to help users of Microsoft Sentinel and Azure in general.   

 

I jumped when I saw a post from Rod Trent that talked about a Microsoft Sentinel Hackathon using Sentinel Notebooks. We had been working with KQL and Sentinel Workbooks but we struggled with not having a procedural computer language and our queries where getting more and more complex.  I knew right away Notebooks would solve this problem, and maybe, just maybe, we would win the Hackathon to boot. 

 

While we did not win that the main Hackathon prize, we won an even bigger one.  We started using Azure Notebooks and we quickly were creating great reports, pulling the same data from the Log Analytics Workspace as we have always done.  Soon our entire team was learning and using Notebooks.  Now it is how we do our deep user interfaces.  Queries are great for getting a lot of different data quickly, and Notebooks show it easily. For the complicated tasks we want to solve for our customers, our driving goal, we needed Notebooks.  

0 Replies