Skip to content

Initial release
Compare
Choose a tag to compare
@ianhelle ianhelle released this 04 Aug 16:41
v0.1.0
dab2f0b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Features

  • Notebooklet infrastructure:
    • Dataproviders (automating load of msticpy providers)
    • Notebooklet and NotebookletResult base classes
    • Notebooklet importer - handling classes and yaml metadata
    • Classdoc - self-documentation of notebooklets
  • Notebooklets:
    The initial set of notebooklets are specific to Azure Sentinel
    • HostSummary (Linux and Windows) - basic details about a host from Azure Sentinel and Azure APIs
    • HostLogonsSummary (Linux and Windows) - analysis of logons to the host
    • WinHostEvents (Windows) analysis of security events on a Windows host (esp Account management events)
    • NetworkFlowSummary - analysis of network traffic for a specific host/IP address
    • Alert enrichment - additional enrichment (e.g. ThreatIntel) for alert triage
    • AccountSummary (Windows, Linux, Azure AD, Office) - analysis of logon activity for an account.
Assets 2
Loading