MSTICPy - Microsoft Threat Intelligence Python Security Tools

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.

• microsoft/msticpy Github
• Twitter: @ianhellen | @MSSPete | @ashwinpatil
• Email: [email protected]

Today's session on MSTICPy (Microsoft Threat Intelligence Python Security Tools) with @ianhellen on Hello World (Open Source Spotlight) on @LearnTV is now live at: https://t.co/ZVQa5QZ7AD pic.twitter.com/idXRmvL882

— Aaron 🇨🇦😷💉⏳ (@as_w) May 12, 2021

MSTICPy Overview

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. Functionality includes:

• querying log data from multiple sources (Azure Sentinel, MS Defender, Splunk, Local CSVs)
• enriching the data with Threat Intelligence, geo-locations and Azure resource data
• extract Indicators of Activity (IoA) (IPs, URLs, etc.) from logs and unpack encoded data
• performing sophisticated analysis such as anomalous session detection and time series decomposition
• visualizing data using interactive timelines, process trees and multi-dimensional Morph Charts

It also includes time-saving notebook tools such as widgets (set query times, item selection, view complex data formats), several GUI tools to help you navigate the interface and configure the notebook environment.

MSTICPy goes 1.0!

Delighted to announce the first release of MSTICPy that doesn't begin with "0."! Several new features and a ton of fixes and minor updates.
Release details here https://t.co/ACCleW89AY
Detailed docs to follow. Thx @MSSPete @ashwinpatil #msticpy pic.twitter.com/tgBsRpaEfK

— Ian Hellen (@ianhellen) April 19, 2021

Join us at PyCon Online 2021 (14-15 May 2021)

The team at @azureadvocates will be showcasing lots of new technology at #PyCon, including "MSTICPy", a tool created by the Microsoft Threat Intelligence Center for analysis of attacks, breaches or any cyber-mystery solving 🕵️. Its open-source and Python!https://t.co/7NJEONu9je

— Anthony Shaw 🐍 (@anthonypjshaw) April 30, 2021

Deep-dive on The Launch Space (20 May 2021)

Check out our one-hour live broadcast on Microsoft Learn TV on May 20 at 1PM PT, where we’ll dive deep into MSTICPy and it’s many uses! More details and save-the-date at https://aka.ms/thelaunchspacemsticpy. See you then!

MSTICPy Resources

• Documentation - https://msticpy.readthedocs.io
• GitHub - https://github.com/microsoft/msticpy Please star us if you like it! :star:
• Blog - https://msticpy.medium.com
• Introductory articles
  • MSTICPy overview
  • MSTICPy overview for Azure Sentinel users

Sample notebooks

• MSTICPy sample notebooks [launch | binder] Try the EventTimeLine and ProcessTree notebooks
• Simple machine learning [launch | binder]
• Overview notebook
• Feature Notebooks
• Hunting scenarios

I’d love to hear any feedback, questions, or help out if you are trying any of these projects or examples.

You can reach me on Twitter (@as_w) or Aaron W#0101 on the Microsoft Open Source Discord (aka.ms/open-source-discord).