Graff branch - DGA Notebook added #276
| @@ -0,0 +1,577 @@ | |||
| { | |||
I think it would benefit from a bit more detailed description of what the notebook does.
Prob obvious to you but maybe not to most readers
Yep I agree. Blog will follow and be posted about a month after. Similar to this one I did for Process Anomalies:
https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/sentinel-notebook-guided-hunting-%E2%80%93-anomalous-process-network-connections/4385340
| @@ -0,0 +1,577 @@ | |||
| { | |||
Why do you need a managed identity? Can't you just use your user identity with Azure CLI (and just use the msticpy built-in auth)?
Yep no need for managed identity but I wanted to show a different way to authenticate as this has been a way we have used in GOV when conditional access blocks Azure CLI from Azure ML Workspace.
| @@ -0,0 +1,577 @@ | |||
| { | |||
Okay will do. I will add this to blog as well
| @@ -0,0 +1,577 @@ | |||
| { | |||
Line #10. labeled_domains_df = pd.read_csv('/home/azureuser/cloudfiles/code/Users/jgraff1/domain.csv')
Would people know what this CSV looks like, and how to create it?
Good point. I will link the CSV I used. It is from a git repo that I downloaded locally. Was also going to add this in the attached blog
| @@ -0,0 +1,577 @@ | |||
| { | |||
You mention visualizations at the beginning of the notebook but I don't see any.
Also here it would be worth spelling out exactly what the results are in the output CSV.
I think I can work it out but it's not super transparent.
Looks a cool notebook but could do with a bit more explanation.
| @@ -0,0 +1,577 @@ | |||
| { | |||
Line #16. "Please check that there is a config.json file in your workspace folder.",
This feature is going away.
Probably better to refer them to the getting started notebook or even the msticpy configuration docs, e.g. https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html
Okay I will take that out. I had that in there by mistake as I don't use that config for this notebook.
No description provided.