Python/Jupyter based reporting architecture and notebooks for security & threat intelligence

DGovEnterprise/wasoc-notebook

Python notebooks for reporting

Overview

This repository contains a Python package, azure-notebook-reporting, that simplifies working with Azure APIs from Python notebooks, plus supporting KQL and notebook files to use as templates for establishing a reporting pipeline based on data in Microsoft Sentinel and Microsoft 365 Defender Advanced Hunting.

Setting up a reporting environment

These notebooks have been built and tested on Azure Machine Learning Compute Instances using the built-in azureml_py310_sdkv2 conda environment. This is a very rapid way to get a Linux environment with all the associated tools, including JupyterLab, ready to go, along with the ability to load data from Apache Spark if needed for large-scale or long-timeframe data ingestion.

First Run

Log in to Azure, then configure your local environment to point at a shared storage location, e.g.

conda env config vars set AZURE_STORAGE_CONTAINER=https://{account}.blob.core.windows.net/{container} AZURE_SUBSCRIPTION={subscriptionid}
conda activate azureml_py310_sdkv2

Using a blob container as above will ensure your notebooks have a consistent way to load and access commonly used information between reporting sessions.
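A check worth running before any notebook touches the shared container: confirm that the two variables set in the First Run step actually name a single container on the Azure blob endpoint, over https, with no SAS token pasted into the URL, and that the subscription value is a GUID. The validator below is an added example and is not part of the wasoc-notebook repository or the azure-notebook-reporting package; it assumes only the variable names from the conda command above, and the account, container and subscription values are constructed placeholders.

```python
import os
import re
import uuid
from urllib.parse import urlsplit

# Constructed example values, not taken from any real deployment.
EXAMPLE_ENV = {
    "AZURE_STORAGE_CONTAINER": "https://examplestorage.blob.core.windows.net/reports",
    "AZURE_SUBSCRIPTION": "00000000-0000-0000-0000-000000000000",
}

STORAGE_HOST_SUFFIX = ".blob.core.windows.net"
# Storage account names: 3-24 lowercase letters and digits.
ACCOUNT_RE = re.compile(r"^[a-z0-9]{3,24}$")
# Container names: 3-63 chars, lowercase letters, digits and single hyphens,
# starting and ending with a letter or digit.
CONTAINER_RE = re.compile(r"^[a-z0-9](?:[a-z0-9]|-(?=[a-z0-9])){2,62}$")


def parse_storage_container(url: str) -> tuple[str, str]:
    """Split an AZURE_STORAGE_CONTAINER value into (account, container).

    Anything that is not an https URL to exactly one container on the public
    Azure blob endpoint is rejected, so a typo cannot quietly send report data
    to an unexpected host or over plain http, and a SAS token cannot end up
    persisted in the conda environment configuration.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError(f"storage container must use https, got {parts.scheme!r}")
    if parts.query or parts.fragment:
        raise ValueError("do not embed SAS tokens or other query strings in the container URL")
    host = parts.netloc.lower()
    if not host.endswith(STORAGE_HOST_SUFFIX):
        raise ValueError(f"unexpected storage host {host!r}")
    account = host[: -len(STORAGE_HOST_SUFFIX)]
    if not ACCOUNT_RE.match(account):
        raise ValueError(f"invalid storage account name {account!r}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 1:
        raise ValueError("URL must point at exactly one container, e.g. .../{container}")
    container = segments[0]
    if not CONTAINER_RE.match(container):
        raise ValueError(f"invalid container name {container!r}")
    return account, container


def check_reporting_env(env=None) -> dict:
    """Validate the variables the First Run step sets and return them parsed.

    `env` defaults to os.environ; a mapping can be passed in for testing.
    """
    env = os.environ if env is None else env
    required = ("AZURE_STORAGE_CONTAINER", "AZURE_SUBSCRIPTION")
    missing = [name for name in required if not env.get(name)]
    if missing:
        raise KeyError(f"missing environment variables: {', '.join(missing)}")
    account, container = parse_storage_container(env["AZURE_STORAGE_CONTAINER"])
    try:
        subscription = uuid.UUID(env["AZURE_SUBSCRIPTION"].strip())
    except ValueError as exc:
        raise ValueError("AZURE_SUBSCRIPTION must be a subscription id (GUID)") from exc
    return {
        "account": account,
        "container": container,
        # Normalised URL, safe to hand to a blob client alongside a token credential.
        "container_url": f"https://{account}{STORAGE_HOST_SUFFIX}/{container}",
        "subscription_id": str(subscription),
    }


if __name__ == "__main__":
    # Run with no arguments to check the real environment; here the constructed
    # example mapping is used so the script works offline.
    print(check_reporting_env(EXAMPLE_ENV))
```

Call `check_reporting_env()` with no arguments at the top of a notebook to fail fast on a misconfigured compute instance; the validator deliberately refuses query strings so that a shared-access signature is never stored in the conda environment where every notebook session would inherit it.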
