This lab provides you with an interactive introduction to MSTICPy.
MSTICPy is an open source cyber security tool kit created by the Microsoft Threat Intelligence Center to support security analysts during investigations and threat hunting. If you want to know more about MSTICPy before starting this lab, take a look at our documentation over at Read the Docs.
In this lab you will learn about and use the main features of MSTICPy. The lab is split into several sections, each one focused on a key element of MSTICPy:
- Data Acquisition
- Data Enrichment
- Extracting Key Data
- Data Visualization
- Pivots in MSTICPy
- ML in MSTICPy
In each section you will have a set of guided examples that show you how the features work and how to call them. After the examples are short lab exercises for you to complete; these involve using the features you have just seen.
Don't worry if you can't complete any one of the lab exercises; they are not required to move on to the next section. You can also view a completed version of the notebook here.
One of the easiest ways to complete the lab is to click the 'Launch Binder' button below to launch the lab using Binder. This will load the notebook in a pre-configured environment that you can access straight from the browser without any setup required. The notebook contains all instructions and resources required for the lab.
You can also download the complete lab from the github.com/microsoft/msticpy-lab repo and run the notebook locally via the Jupyter Notebook Support in Visual Studio Code or JupyterLab.
If you have any questions or feedback, please open an issue or contact [email protected].