MSTIC Jupyter and Python Security Tools

Microsoft Threat Intelligence Python Security Tools.

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:

  • query log data from multiple sources

  • enrich the data with Threat Intelligence, geolocations and Azure resource data

  • extract Indicators of Activity (IoA) from logs and unpack encoded data

  • perform sophisticated analysis such as anomalous session detection and time series decomposition

  • visualize data using interactive timelines, process trees and multi-dimensional Morph Charts
