Skip to content

MDATP Webshell alert notebook and improved notebook setup logic
Compare
Choose a tag to compare
@ianhelle ianhelle released this 29 May 18:02
· 557 commits to master since this release
v1.0.0
efbace2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New Features

  • New notebook published #28 - Guided Investigation - MDATP Webshell Alerts
    This notebook takes you through triage and investigation of alerts from Microsoft Defender Webshell alerts.
  • Update to setup section of notebooks #29
    Most of the setup logic is now in a msticpy module (nb_init) and some in a local module (utils/nb_check.py)
  • Added nb_check.py to check kernel version and installed msticpy version (this can't be in the msticpy module since we don't yet know whether msticpy is installed).
    Note: the notebook will run fine without this file - it just skips the checks for python and msticpy version.
  • Updated Notebook initialization markdown text and added links to run local versions of the Configuration and Troubleshooting notebooks (rather than just view static versions on GitHub).

Fixes

  • Removed references to Setup section that no longer exists.
  • Fixing a few errors in IP Explorer and Process alert
Assets 2