Inspiration

We wanted to have an easy way to visualize and report on Azure Active Directory connections. Rod Trent's weekly blog series about Sentinel gave us many ideas on how to approach a problem like this.

What it does

The Sentinel Notebook created by Senserva uses data provided by the Data Connector from the Senserva Azure Sentinel Solution to find connections that exist in AAD, then classify and visualize them in a Sentinel Notebook. We've also created new Workbook and Hunting Query add-ons to our Sentinel Solution for those who wish to use them.

Contact our team at support@senserva.com for a complimentary version of our product, available from the Azure Marketplace.

How we built it

Our team set up a Sentinel Notebook environment and started experimenting with ways to utilize the visualization capabilities of the Sentinel Notebook. Our team subsequently packaged up the functionality that was developed into the first version of our PyServa library.

Challenges we ran into

We struggled at first to find the right way to report and visualize the data. Our team was also not experienced in using Python or a Jupyter Notebook environment, so that was learned over the course of the Hackathon.

Accomplishments that we're proud of

We are proud of being able to visualize AAD connections in a way that is easy to review. Our team also created a new Python library that is available to everyone via PIP.

What we learned

Our team has a better understanding of all the offerings and capabilities available from Azure Sentinel. We have also learned better design principles for reporting data out, as well as a good foundation for our Python offerings.

What's next for Senserva Connections Graph Notebook

Our team plans to continue to iterate on this Notebook as well as create more. We will also continue to develop our Python offering.

Built With

  • python
  • sentinel
  • sentinelnotebook