
Threat Hunting in the cloud with Azure Notebooks: supercharge your hunting skills using Jupyter and KQL

Robert M. Lee has a great quote: “Threat hunting exists where automation ends”. Threat hunting is largely manual work, performed by SOC analysts trying to find a ‘needle in the haystack’. In cybersecurity, that haystack is a pile of ‘signals’.

These analysts often use separate tools for querying the data, manipulating the data set, reversing the potential malware, and so on. What if we could provide an environment where you can perform all of these tasks in context, and share the outcome with your team?


Azure Notebooks, with a little KQL magic sauce (the Kqlmagic extension, which lets a Jupyter cell run a Kusto query against your workspace), is great for threat hunting in the cloud. How do you supercharge your hunting skills with Azure, Jupyter, Python and KQL? Pull the candidate rows with a KQL query, then keep working on the result set in Python in the same notebook.
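As an added example of that workflow (not code from the original post or from Wortell), here is a small password-spray hunt the way it would run in a notebook: the KQL that pulls the candidate rows, and the Python follow-up an analyst applies to the result. The `SigninLogs` table and column names, the `%kql` connection line, the thresholds and all sample records are assumptions constructed for illustration, not real telemetry.

```python
"""Password-spray hunt: KQL pulls candidates, Python does the analyst follow-up.
Added example; sample data is constructed, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# The KQL half. In an Azure Notebook, after `%reload_ext Kqlmagic` and a
# `%kql loganalytics://...` connection line (workspace details assumed), this
# cell pulls the candidates. Table and column names follow the Azure AD
# SigninLogs schema, assumed to be present in the workspace:
#
#   %kql SigninLogs
#       | where TimeGenerated > ago(1d)
#       | where ResultType != "0"                    // failed sign-ins only
#       | summarize Accounts = dcount(UserPrincipalName), Attempts = count()
#                   by IPAddress, Hour = bin(TimeGenerated, 1h)
#       | where Accounts >= 3
#
# Kqlmagic keeps the last result in `_kql_raw_result_`; `.to_dataframe()` on it
# hands the rows to pandas. Below the same summarize is re-implemented in plain
# Python so the hunt reads and runs offline, followed by the manual step that
# the query itself does not do.

EPOCH = datetime(1970, 1, 1)

# Constructed records mimicking SigninLogs columns (RFC 5737 test addresses,
# 50126 = invalid credentials). 203.0.113.7 fails against four accounts within
# one hour and then succeeds on one of them; 198.51.100.12 is one user
# mistyping a password twice: noise, not a spray.
SAMPLE_ROWS = [
    {"TimeGenerated": "2019-09-10T08:02:11", "UserPrincipalName": "alice@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T08:02:14", "UserPrincipalName": "bob@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T08:02:17", "UserPrincipalName": "carol@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T08:02:20", "UserPrincipalName": "dave@example.com", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T08:41:03", "UserPrincipalName": "dave@example.com", "IPAddress": "203.0.113.7", "ResultType": "0"},
    {"TimeGenerated": "2019-09-10T09:15:30", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.12", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T09:15:44", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.12", "ResultType": "50126"},
    {"TimeGenerated": "2019-09-10T09:16:02", "UserPrincipalName": "erin@example.com", "IPAddress": "198.51.100.12", "ResultType": "0"},
]


def spray_candidates(rows, min_accounts=3, window=timedelta(hours=1)):
    """Python counterpart of the KQL summarize: per (IPAddress, time bin), count
    distinct accounts and attempts over failed sign-ins and keep the bins with
    at least `min_accounts` distinct accounts."""
    buckets = defaultdict(lambda: [set(), 0])   # key -> [accounts, attempts]
    for r in rows:
        if r["ResultType"] == "0":               # successful sign-in: not a failure
            continue
        ts = datetime.fromisoformat(r["TimeGenerated"])
        bin_start = EPOCH + ((ts - EPOCH) // window) * window   # bin(TimeGenerated, 1h)
        bucket = buckets[(r["IPAddress"], bin_start)]
        bucket[0].add(r["UserPrincipalName"])
        bucket[1] += 1
    return {
        key: {"Accounts": len(accounts), "Attempts": attempts}
        for key, (accounts, attempts) in buckets.items()
        if len(accounts) >= min_accounts
    }


def spray_followups(rows, candidates):
    """The manual step after the query: for every flagged IP, which accounts
    later signed in successfully from that same IP? Those are the accounts to
    treat as possibly compromised."""
    flagged_ips = {ip for ip, _ in candidates}
    hits = defaultdict(set)
    for r in rows:
        if r["ResultType"] == "0" and r["IPAddress"] in flagged_ips:
            hits[r["IPAddress"]].add(r["UserPrincipalName"])
    return {ip: sorted(users) for ip, users in hits.items()}


if __name__ == "__main__":
    cands = spray_candidates(SAMPLE_ROWS)
    for (ip, hour), stats in sorted(cands.items()):
        print(f"{hour:%Y-%m-%d %H:00}  {ip:<15} accounts={stats['Accounts']} attempts={stats['Attempts']}")
    for ip, users in spray_followups(SAMPLE_ROWS, cands).items():
        print(f"successful sign-in from sprayer {ip}: {', '.join(users)}")
```

Run on the constructed rows, `spray_candidates` flags only 203.0.113.7 in the 08:00 bin (four accounts, four attempts); the two failures from 198.51.100.12 stay below the threshold. `spray_followups` then surfaces dave@example.com as the account that signed in successfully from the spraying address. In a real notebook the second function would run over the rows returned by the `%kql` cell rather than over `SAMPLE_ROWS`, and the thresholds would be tuned to the tenant's normal failure rate.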

How can I learn to hunt?

It's hard. It takes years of experience: knowing the platforms, knowing what to look for. But you also need the basic skills: working with Jupyter, learning to 'code' with Python, and mastering KQL queries.

Wortell can help train your staff on these topics. We also provide threat hunting as a service through our Threat Intelligence Center. Contact us for more information.

— Maarten Goet, MVP & RD