Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
MIT License
Notebook "A Getting Started Guide for Azure Sentinel notebooks with PowerShell" outdated, incompatible and may downgrade libraries in new compute instances #203
The notebook file "A Getting Started Guide for Azure Sentinel notebooks with PowerShell" has not been updated in two years.
Doesn't support Ubuntu Focal 20.04 compute instances
Requires .NET 5.0 SDK. Current release uses .NET 7
Most installation steps in the notebook are not necessary on new compute instances created in current Sentinel ML interfaces.
Of note is if you create a new instance and then run this notebook, one of the first steps is to download and install v18.04 of the Microsoft Debian repository config, which results in a downgrade. Effectively, this destroys the utility of the compute instance and possibly opens up vulnerabilities.
Current guidance, from the dotnet interactive developers, is provided here: https://github.com/dotnet/interactive/blob/main/docs/NotebookswithJupyter.md
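A pre-flight check for the mismatch described in this issue, as an added example that is not part of the original issue or the repository's code: it compares the Ubuntu release in an os-release file with the release named in the Microsoft apt repository entries. The function names are hypothetical, the sample files are constructed, and the `packages.microsoft.com/ubuntu/<release>` entry format is assumed.

```shell
#!/usr/bin/env bash
# Added example: flag a Microsoft apt repository entry that targets a
# different Ubuntu release than the host is running (e.g. 18.04 on 20.04).
# Function names and sample data are constructed for illustration.

# Print VERSION_ID (e.g. 20.04) from os-release formatted text on stdin.
os_version_id() {
    sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | head -n 1
}

# Print each Ubuntu release named in active (uncommented) "deb" lines on
# stdin that point at packages.microsoft.com.
repo_versions() {
    grep -E '^[[:space:]]*deb[[:space:]]' \
      | grep -oE 'packages\.microsoft\.com/ubuntu/[0-9]+\.[0-9]+' \
      | sed 's#.*/##' | sort -u
}

# check_repo_match OS_RELEASE_FILE SOURCES_FILE
# Returns 0 when every Microsoft entry matches the host release (or none
# exist), 1 on a mismatch, 2 when the host release cannot be determined.
check_repo_match() {
    local os_ver repo_ver status=0
    os_ver=$(os_version_id < "$1")
    [ -n "$os_ver" ] || return 2
    while IFS= read -r repo_ver; do
        [ -z "$repo_ver" ] && continue
        if [ "$repo_ver" != "$os_ver" ]; then
            echo "MISMATCH: repo targets Ubuntu $repo_ver, host is $os_ver" >&2
            status=1
        fi
    done <<EOF
$(repo_versions < "$2")
EOF
    return $status
}

# Constructed sample: a 20.04 host carrying an 18.04 repository entry.
demo_dir=$(mktemp -d)
printf 'NAME="Ubuntu"\nVERSION_ID="20.04"\n' > "$demo_dir/os-release"
printf 'deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main\n' \
    > "$demo_dir/microsoft-prod.list"
check_repo_match "$demo_dir/os-release" "$demo_dir/microsoft-prod.list" \
    || echo "check_repo_match exit code: $?"
rm -rf "$demo_dir"
```

On a compute instance the arguments would be `/etc/os-release` and the Microsoft sources file under `/etc/apt/sources.list.d/`, run before and after any notebook cell that installs a repository config package.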