When Microsoft embedded Jupyter into its cloud security platform Azure Sentinel, we had to create Notebooks to help security analysts tackle incident response and threat hunting challenges. This talk covers the challenges we faced, and the solutions we implemented, in making Notebooks that worked for thousands of users with differing requirements, levels of experience and data sets.
When Microsoft embedded Jupyter into its cloud security platform Azure Sentinel, the Microsoft Threat Intelligence Center had to create a series of security-focused data science Notebooks to help security analysts tackle complex incident response and threat hunting challenges. These Notebooks had to work for thousands of customers across the globe, all of whom had different environments, different levels of experience with Jupyter Notebooks, and different data sets. This talk will cover the challenges we faced when creating these security-focused data analysis notebooks, as well as showcasing some of the Open Source tools that we created to tackle them. It will educate the audience in some of the challenges they may face when creating their own data science notebooks for others to consume, whether sharing with a small group of users or with a large community, as well as some of the challenges specific to using Jupyter notebooks for security data analysis. At the end of the talk the audience will have key takeaways of technical solutions to these challenges (all of our work is Open Source and available to all). Ideally audience members should have some basic knowledge of using Jupyter notebooks as well as core concepts of data science or ML.
Outline:
Context: