MSTIC Jupyter and Python Security Tools

Microsoft Threat Intelligence Python Security Tools.

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:

• query log data from multiple sources

• enrich the data with Threat Intelligence, geolocations and Azure resource data

• extract Indicators of Activity (IoA) from logs and unpack encoded data

• perform sophisticated analysis such as anomalous session detection and time series decomposition

• visualize data using interactive timelines, process trees and multi-dimensional Morph Charts

GitHub - microsoft/msticpy: Microsoft Threat Intelligence Security ToolsGitHub