This is a simple guide to creating a Jupyter notebook for Azure Sentinel locally. It includes instructions on how to create a Python virtual environment, install dependencies, and create a Jupyter notebook as well as a sample notebook containing all the initial setup code to get you started.
1. Create the venv

    python3 -m venv sentinel-notebooks

(You can replace sentinel-notebooks with any name.)

2. Activate it
- macOS/Linux

    source sentinel-notebooks/bin/activate

- Windows (PowerShell)

    .\sentinel-notebooks\Scripts\Activate.ps1

3. Deactivate

    deactivate

No sources are needed for this one (standard Python functionality).

Jupyter Notebooks

    pip3 install notebook

Msticpy

    pip3 install msticpy[azsentinel]

This step creates a Jupyter kernel that is bound to the virtual environment. It is very important, because it allows you to use the virtual environment as a kernel in Jupyter notebooks.

    python3 -m ipykernel install --user --name sentinel-notebooks --display-name "Python (sentinel-notebooks)"

Use the command below to start the Jupyter notebook server. If your browser does not open automatically, navigate to http://localhost:8888 in your browser.

    jupyter notebook

You may follow the steps below to create your first notebook. Alternatively, you can copy the notebook in this repository to your current working directory (i.e., the directory where you ran jupyter notebook).
Rename and save the notebook
Before running the code, make sure you select the correct kernel; in this case it will be the Python (sentinel-notebooks) kernel that we created in the previous steps.
Run FirstNotebook.ipynb to ensure that everything is working as expected and connect your notebook to Azure Sentinel.
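To confirm that the kernel registered earlier really launches the interpreter inside the virtual environment (and not the system Python, where msticpy is not installed), you can inspect its kernel.json. The script below is an added example, not code from this repository: the function names are hypothetical, and the kernel specs and venv directory it checks are constructed in a temporary directory. On a real setup, pass the kernel.json path shown by `jupyter kernelspec list`.

```python
import json
import os
import tempfile
from pathlib import Path


def kernel_uses_venv(kernel_json, venv_dir):
    """True if the kernel spec starts an interpreter that lives inside venv_dir."""
    venv = Path(os.path.abspath(venv_dir))
    if not (venv / "pyvenv.cfg").is_file():      # marker file every venv has
        return False
    argv = json.loads(Path(kernel_json).read_text(encoding="utf-8")).get("argv") or []
    if not argv or not os.path.isabs(argv[0]):
        # A bare "python" is looked up on PATH at launch, so it is not pinned.
        return False
    # abspath, not resolve(): bin/python in a venv is normally a symlink to
    # the base interpreter, and resolving it would leave the venv.
    return venv in Path(os.path.abspath(argv[0])).parents


def write_spec(root, name, interpreter):
    """Write a constructed kernel.json in the layout ipykernel install produces."""
    spec_dir = Path(root) / "kernels" / name
    spec_dir.mkdir(parents=True)
    spec = {"argv": [interpreter, "-m", "ipykernel_launcher", "-f", "{connection_file}"],
            "display_name": f"Python ({name})", "language": "python"}
    path = spec_dir / "kernel.json"
    path.write_text(json.dumps(spec), encoding="utf-8")
    return path


def demo():
    """Check three constructed kernel specs against a constructed venv directory."""
    with tempfile.TemporaryDirectory() as root:
        venv = Path(root) / "sentinel-notebooks"
        (venv / "bin").mkdir(parents=True)
        (venv / "pyvenv.cfg").write_text("home = /usr/bin\n", encoding="utf-8")
        specs = {
            "bound": write_spec(root, "bound", str(venv / "bin" / "python")),
            "system": write_spec(root, "system", "/usr/bin/python3"),
            "path-lookup": write_spec(root, "path-lookup", "python"),
        }
        return {name: kernel_uses_venv(p, venv) for name, p in specs.items()}


if __name__ == "__main__":
    print(demo())
```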
Enjoy!


