Getting Started

• Introduction
  • Use Cases and Environments
• Installing
  • Python 3.8 or Later
  • Creating a virtual environment
  • Installation
  • Selective Installation - using “extras”
• Quick Start Overview of MSTICPy
  • Installing
  • Importing MSTICPy
  • Searching for a MSTICPy module
  • Initializing MSTICPy
  • Setup msticpyconfig.yaml
  • Running a data query
  • Visualizing Data
  • Enriching data with Context and Pivot Functions
  • Analysis and Data Transformation
• Package Summary
  • Data Acquisition and Queries
  • Data Processing and Enrichment
  • Security Analysis
  • Visualization
  • Utility Functions
  • Supported Platforms and Packages
• MSTICPy Package Configuration
  • How MSTICPy finds the config file
  • Configuration sections
  • Specifying secrets as Environment Variables
  • Specifying secrets as Key Vault secrets
  • User Defaults Section
  • Using msticpyconfig.yaml in code
  • Commented configuration file sample
  • See also
• MSTICPy Settings Editor
  • Checking your existing settings
  • Edit your msticpyconfig settings
  • Microsoft Sentinel Workspaces
  • How MSTICPy finds msticpyconfig.yaml
  • More Settings
  • Azure Cloud and Authentication Settings
  • Optional Settings
  • Using MpConfigFile to check and manage your msticpyconfig.yaml
• Why Use Jupyter for Security Investigations?
  • What is Jupyter?
  • Why Jupyter?
  • Why Python?
  • References
• Jupyter, msticpy and Microsoft Sentinel
  • Running notebooks in Azure Machine Learning (AML)
  • Running notebooks locally
  • Notebook Setup
  • Querying Data
  • Example Notebooks
• Azure Authentication in MSTICPy
  • How to choose a credential type
  • Azure authentication methods supported by MSTICPy
  • Common credential flows
  • Setting your MSTICPY authentication method defaults
  • Specifying authentication method preferences when authenticating