msticnb - MSTIC Notebooklets
msticnb is a companion package to msticpy. It is designed to be used in Jupyter notebooks by security operations engineers and analysts, to give them quick access to common notebook patterns such as retrieving summary information about a host or IP address.
Each notebooklet is equivalent to multiple cells and many lines of code in a traditional notebook. You can import and run a notebooklet with two lines of code (or even 1 line, if you are impatient). Typically, the input parameters to a notebooklet will be an identifier (e.g. a host name) and a time range (over which to query data). Some notebooklets (primarily packaged analytics) will take a pandas DataFrame as input.
host_summary = nb.nblts.azsent.host.HostSummary()
host_sum_rslt = host_summary.run(value="Msticalertswin1", timespan=time_span)
You can create your own notebooklets and use them in the same framework as the ones already in the package.
Read on to find out more about using and creating notebooklets.
Introduction and Usage
Notebooklet details
- Notebooklets Details
- Notebooklet Class - AccountSummary
- Notebooklet Class - EnrichAlerts
- Notebooklet Class - HostLogonsSummary
- Notebooklet Class - HostNetworkSummary
- Notebooklet Class - HostSummary
- Notebooklet Class - LogonSessionsRarity
- Notebooklet Class - IpAddressSummary
- Display Sections
- Azure Sign-ins and audit activity from IP Address
- Azure Azure NSG Flow Logs for IP
- Office 365 operations summary from IP Address
- Public IP data (GeoIP, ThreatIntel, Passive DNS, VPS membership)
- Azure Sentinel alerts related to the IP
- Azure Sentinel alerts related to the IP
- Azure Network Analytics Topology record for the IP
- Common security log
- Defender device information
- Network connections
- Azure Sentinel heartbeat record for the IP
- Host logons
- Related accounts
- Azure VMComputer record for the IP.
- Summary of Azure NSG network flow data for this IP Address
- Results Class
- Methods
- __init__
- browse_alerts
- browse_ti_results
- display_alert_timeline
- netflow_by_direction
- netflow_by_protocol
- netflow_total_by_protocol
- run
- check_table_exists
- check_valid_result_data
- get_methods
- get_pivot_run
- get_provider
- list_methods
- run_nb_func
- run_nb_funcs
- add_nb_function
- all_options
- default_options
- description
- entity_types
- get_help
- get_settings
- import_cell
- keywords
- list_options
- match_terms
- name
- print_options
- result
- show_help
- silent
runfunction documentation
- Display Sections
- Notebooklet Class - NetworkFlowSummary
- Notebooklet Class - URLSummary
- Notebooklet Class - WinHostEvents