
SC-200 Question #122: Real Exam Question with Answer & Explanation

The correct answer is C: msticpy.

Submitted by femi9 · Apr 18, 2026

Exam area: Manage threat hunting in Microsoft Sentinel

Question

You have a Microsoft Sentinel workspace named workspace1 that contains custom Kusto queries. You need to create a Python-based Jupyter notebook that will create visuals. The visuals will display the results of the queries and be pinned to a dashboard. The solution must minimize development effort. What should you use to create the visuals?

Options

  • A. plotly
  • B. TensorFlow
  • C. msticpy
  • D. matplotlib

Explanation

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:

  • query log data from multiple sources;
  • enrich the data with Threat Intelligence, geolocations and Azure resource data;
  • extract Indicators of Activity (IoA) from logs and unpack encoded data.

MSTICPy reduces the amount of code that customers need to write for Microsoft Sentinel, and provides:

  • Data query capabilities against Microsoft Sentinel tables, Microsoft Defender for Endpoint, Splunk, and other data sources.
  • Threat intelligence lookups with TI providers, such as VirusTotal and AlienVault OTX.
  • Enrichment functions like geolocation of IP addresses, Indicator of Compromise (IoC) extraction, and WhoIs lookups.
  • Visualization tools using event timelines, process trees, and geo mapping.
  • Advanced analyses, such as time series decomposition, anomaly detection, and clustering.

Because the visuals (timelines, process trees, maps) are built into the library and work directly on query results, msticpy is the option that minimizes development effort compared with coding the plots by hand in plotly or matplotlib; TensorFlow is a machine-learning framework, not a visualization tool.

References:
  • https://docs.microsoft.com/en-us/azure/sentinel/notebook-get-started
  • https://msticpy.readthedocs.io/en/latest/

Topics

#Microsoft Sentinel #Jupyter Notebooks #Visualization #msticpy
