We wanted to have an easy way to visualize and report on Azure Active Directory connections. Rod Trent's weekly blog series about Sentinel gave us many ideas on how to approach a problem like this.
What it does
The Sentinel Notebook created by Senserva uses data provided by the Data Connector from the Senserva Azure Sentinel Solution to find connections that exist in AAD, classify them, and visualize them in a Sentinel Notebook. We've also created new Workbook and Hunting Query add-ons to our Sentinel Solution for those who wish to use them.
Contact our team at firstname.lastname@example.org for a complimentary version of our product, available from the Azure Marketplace.
How we built it
Our team set up a Sentinel Notebook environment and started experimenting with ways to utilize the visualization capabilities of the Sentinel Notebook. Our team subsequently packaged up the functionality that was developed into the first version of our PyServa library.
Challenges we ran into
We struggled at first to find the right way to report and visualize the data. Our team was also not experienced in using Python or a Jupyter Notebook environment, so that was learned over the course of the Hackathon.
Accomplishments that we're proud of
We are proud of being able to visualize AAD connections in a way that is easy to review. Our team also created a new Python library that is available to everyone via pip.
What we learned
Our team has a better understanding of all the offerings and capabilities available from Azure Sentinel. We have also learned better design principles for reporting data out, as well as a good foundation for our Python offerings.
What's next for Senserva Connections Graph Notebook
Our team plans to continue to iterate on this Notebook as well as create more. We will also continue to develop our Python offering.