This repository contains a collection of Jupyter Notebooks designed for SOC (Security Operations Center) analysts. These notebooks are tailored to assist in threat hunting and analysis using various SIEM (Security Information and Event Management) tools such as Microsoft Sentinel, Splunk, and other open-source data sources.
SOC analysts can leverage these notebooks to streamline their threat detection and response processes. Each notebook is crafted to address specific use cases and scenarios, providing a structured approach to analyzing security events and identifying potential threats.
Below is the list of Jupyter Notebooks included in this repository, each aimed at enhancing your threat analysis capabilities:
- Multi cloud Threat Hunting.ipynb - Description: This notebook provides techniques and queries for hunting threats across multi-cloud environments using Microsoft Sentinel.
- IOC Analysis.ipynb - Description: Use this notebook to analyze IOCs with Sentinel and hunt for the associated suspicious activity.
To get started with these notebooks, follow the steps below:
- Clone the repository: `git clone https://github.com/your-repo/notebooks.git`
- Navigate to the repository directory: `cd notebooks`
- Open the desired notebook using Jupyter: `jupyter notebook`
- Select the notebook you want to work with from the Jupyter interface.
- Ensure you have Jupyter Notebook installed. You can install it using pip: `pip install notebook`
- Ensure you have MSTICPY installed.