Entity Explorer - IP Address.ipynb (2,005 lines of code) (raw):

{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "Entity Explorer: IP Address\n", "<details>\n", " <summary><u>Notebook details...</u></summary>\n", " \n", "**Notebook Version:** 2.0<br>\n", "**Python Version:** Python 3.10<br>\n", "**Required Packages**: msticpy, msticnb<br>\n", "\n", "**Data Sources Required**:\n", "- MS Sentinel (mostly optional)\n", " - Heartbeat\n", " - SecurityAlert\n", " - CommonSecurityLog\n", " - Azure AD Signin Logs\n", " - Azure Activity Logs\n", " - Office 365 Activity\n", " - AzureNetworkAnalytics_CL\n", " - MS Defender\n", " - VMComputer\n", " \n", "- External\n", " - VirusTotal (with API key)\n", " - Alienvault OTX (with API key) \n", " - IBM Xforce (with API key) \n", "</details>\n", "\n", "\n", "This notebook brings together a series of queries and visualizations to help\n", "you assess the security state of an IP address.\n", "\n", "It works with both internal addresses and public addresses.\n", "\n", "- For internal addresses it focuses on traffic patterns and activity of the host using that IP address. \n", "- For public IPs it lets you perform threat intelligence lookups, passive dns, whois and other checks.<br>\n", " It also allows you to examine Azure/Office activity, network traffic, host behavior<br>\n", " and other data about the IP Address (subject to data availability).\n", "\n", "The notebook uses the [MSTIC notebooklets](https://msticnb.readthedocs.io) package to run most of the functionality.\n", "Summarized data is returned when it is run and more detailed information is contained in the returned `result` class." 
] }, { "cell_type": "markdown", "metadata": { "toc": true }, "source": [ "# Table of Contents\n", "\n", "- Hunting Hypothesis\n", "- Notebook Initialization\n", " - Get WorkspaceId and Authenticate to MS Sentinel\n", " - Import and initialize notebooklets\n", "- Enter the IP Address and query time window\n", "- Run the main ip_summary notebooklet\n", " - Browse alerts\n", " - View Threat Intel results\n", " - Map view of IP Address\n", "- Additional properties of the result object\n", " - Viewing the Results class\n", " - Using Pivots to get more context information\n", "- Use other notebooks and pivot functions to drill down on other entities\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "<a></a>[Contents](#toc)\n", "## Hunting Hypothesis\n", "Our broad initial hunting hypothesis is that we have received an IP address entity that is suspected to be either a compromised internal host or an external public address with which internal hosts are communicating in a malicious manner. We will need to hunt from a range of different positions to validate or disprove this hypothesis.\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "# Notebook initialization\n", "This should complete without errors. 
If you encounter errors or warnings look at the following notebooks:\n", "\n", "- <a href=\"https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/A%20Getting%20Started%20Guide%20For%20Azure%20Sentinel%20ML%20Notebooks.ipynb\">Getting Started Notebook</a>\n", "- [TroubleShootingNotebooks](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/TroubleShootingNotebooks.ipynb)\n", "- [ConfiguringNotebookEnvironment](https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/ConfiguringNotebookEnvironment.ipynb)\n", "\n", "<details>\n", " <summary>&nbsp;<u>Details...</u></summary>\n", "The next cell:\n", "- Checks for the correct Python version\n", "- Checks versions and optionally installs required packages\n", "- Imports the required packages into the notebook\n", "- Sets a number of configuration options.\n", "\n", "If you are running in the Azure Sentinel Notebooks environment (Azure Notebooks or Azure ML) you can run live versions of these notebooks:\n", "- [Getting Started](./A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb)\n", "- [Run TroubleShootingNotebooks](./TroubleShootingNotebooks.ipynb)\n", "- [Run ConfiguringNotebookEnvironment](./ConfiguringNotebookEnvironment.ipynb)\n", "\n", "You may also need to do some additional configuration to successfully use functions such as Threat Intelligence service lookup and Geo IP lookup. 
\n", "There are more details about this in the `ConfiguringNotebookEnvironment` notebook and in these documents:\n", "- [msticpy configuration](https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html)\n", "- [Threat intelligence provider configuration](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html#configuration-file)\n", "</details>" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2020-05-15T23:01:51.949751Z", "start_time": "2020-05-15T23:01:51.909753Z" } }, "outputs": [], "source": [ "from datetime import datetime, timedelta, timezone\n", "\n", "REQ_PYTHON_VER = \"3.10\"\n", "REQ_MSTICPY_VER = \"2.12.0\"\n", "\n", "# You may need to manually install msticpy with\n", "# %pip install msticpy[azsentinel]\n", "\n", "import msticpy as mp\n", "from msticpy import nbwidgets\n", "mp.init_notebook(\n", " namespace=globals(),\n", " additional_packages=[\"msticnb>=1.0\"],\n", " verbosity=0,\n", ");\n" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "# papermill default parameters\n", "ws_name = \"Default\"\n", "ip_address = \"\"\n", "end = datetime.now(timezone.utc)\n", "start = end - timedelta(days=2)\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "<a></a>[Contents](#toc)\n", "### Get WorkspaceId and Authenticate to MS Sentinel\n", "\n", "<details>\n", " <summary> <u>Authentication help...</u></summary>\n", " If you want to use a workspace other than one you have defined in your<br>\n", "msticpyconfig.yaml create a connection string with your AAD TENANT_ID and<br>\n", "your WORKSPACE_ID (these should both be quoted UUID strings).\n", "\n", "```python\n", " workspace_cs = \"loganalytics://code().tenant('TENANT_ID').workspace('WORKSPACE_ID')\"\n", "```\n", "e.g.\n", "```python\n", " workspace_cs = 
\"loganalytics://code().tenant('c3de0f06-dcb8-40fb-9d1a-b62faea29d9d').workspace('c62d3dc5-11e6-4e29-aa67-eac88d5e6cf6')\"\n", "```\n", "Then in the Authentication cell replace\n", "the call to `qry_prov.connect` with the following:\n", "```python\n", " qry_prov.connect(connect_str=workspace_cs)\n", "```\n", "The cell should now look like this:\n", "\n", "```python\n", "...\n", " # Authentication\n", " qry_prov = QueryProvider(data_environment=\"MSSentinel\")\n", " qry_prov.connect(connect_str=workspace_cs)\n", "...\n", "```\n", "\n", "On successful authentication you should see a ```popup schema``` button.\n", "To find your Workspace Id go to [Log Analytics](https://ms.portal.azure.com/#blade/HubsExtension/Resources/resourceType/Microsoft.OperationalInsights%2Fworkspaces). Look at the workspace properties to find the ID.\n", "</details>\n", "\n", "<br>\n", "\n", "> Note: in VSCode (bug) the options may display in the VSCode status bar (bottom left)" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "print(\"Configured workspaces: \", \", \".join(mp.settings.get_config(\"AzureSentinel.Workspaces\").keys()))\n", "import ipywidgets as widgets\n", "ws_param = widgets.Combobox(\n", " description=\"Workspace Name\",\n", " value=ws_name,\n", " options=list(mp.settings.get_config(\"AzureSentinel.Workspaces\").keys())\n", ")\n", "ws_param" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2020-05-15T23:02:52.662562Z", "start_time": "2020-05-15T23:02:52.653563Z" } }, "outputs": [], "source": [ "from msticpy.common.timespan import TimeSpan\n", "\n", "# Authentication\n", "qry_prov = QueryProvider(data_environment=\"MSSentinel\")\n", "qry_prov.connect(WorkspaceConfig(workspace=ws_param.value))\n", "\n", "nb_timespan = TimeSpan(start, end)\n", "qry_prov.query_time.timespan = nb_timespan\n", "md(\"<hr>\")\n", "md(\"Confirm time range to search\", \"bold\")\n", "qry_prov.query_time" ] }, 
{ "cell_type": "markdown", "metadata": {}, "source": [ "#### Authentication and Configuration problems?\n", "\n", "If you are having problems, expand the details section below\n", "<br>\n", "<details>\n", " <summary>Click for details about configuring your authentication parameters</summary>\n", " \n", " \n", "The notebook is expecting your Azure Sentinel Tenant ID and Workspace ID to be configured in one of the following places:\n", "- `msticpyconfig.yaml` in the current folder or location specified by `MSTICPYCONFIG` environment variable.\n", "- `config.json` in the current folder\n", " \n", "For help with setting up your configuration (if this hasn't been done automatically) see the [Getting Started](./A Getting Started Guide For Azure Sentinel ML Notebooks.ipynb) notebook in the root folder of your Azure-Sentinel-Notebooks project.\n", "</details>" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Import and initialize notebooklets\n", "\n", "This imports the **msticnb** package and the notebooklets classes.\n", "\n", "These are needed for the notebook operations" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "import msticnb as nb\n", "\n", "nb.init(query_provider=qry_prov)\n", "pivot.timespan = qry_prov.query_time.timespan" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "\n", "# Enter the IP Address and query time window\n", "\n", "Type the IP address you want to search for and the time bounds over which to search.\n", "\n", "You can specify the IP address value in the widget e.g. 
192.168.1.1" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2020-05-15T23:03:22.632179Z", "start_time": "2020-05-15T23:03:22.619179Z" } }, "outputs": [], "source": [ "ipaddr_text = nbwidgets.GetText(prompt='Enter the IP Address to search for:', value=ip_address)\n", "\n", "display(ipaddr_text)\n", "md(\"<hr>\")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Run the main *ip_summary* notebooklet `run` method to retrieve IP information\n", "\n", "The notebooklet will query a variety of Sentinel tables and external data sources\n", "including:\n", "- MS Defender device information\n", "- Active Directory, Office and Azure Activity\n", "- Geo Location\n", "- WhoIs\n", "- Threat Intelligence providers\n", "\n", "A summary of the data is displayed as it runs. You can view the notebooklet \n", "result class to view the whole content or use individual data properties\n", "(DataFrames) to view detailed information.\n", "\n", "See later in the notebook for how to access these.\n", "\n", "<details>\n", "<summary><b>Options you can use in the run method</b></summary>\n", "\n", "<h4>Default options for the ip_address_summary function:</h4>\n", "\n", "- **geoip**: Get geo location information for IP address.\n", "- **alerts**: Get any alerts listing the IP address.\n", "- **host_logons**: Find any hosts with logons using this IP address as a source.\n", "- **related_accounts**: Find any accounts using this IP address in AAD or host logs.\n", "- **device_info**: Find any devices associated with this IP address.\n", "- **device_network**: Find any devices communicating with this IP address.\n", "\n", "\n", "<h4>Other Options</h4>\n", "\n", "- **bookmarks**: Get any hunting bookmarks listing the IP address.\n", "- **heartbeat**: Get the latest heartbeat record for this IP address.\n", "- **az_net_if**: Get the latest Azure network analytics interface data for this IP address.\n", "- **vmcomputer**: Get the 
latest VMComputer record for this IP address.\n", "- **az_netflow**: Get netflow information from AzureNetworkAnalytics table.\n", "- **passive_dns**: Force fetching passive DNS data from a TI Provider even if IP is internal.\n", "- **az_activity**: AAD sign-ins and Azure Activity logs.\n", "- **office_365**: Office 365 activity.\n", "- **common_security**: Get records from common security log.\n", "- **ti**: Force get threat intelligence reports even for internal public IPs.\n", "\n", "Include additional options by prefixing the option with a \"+\"<br>\n", "See the code in the next cell for an example.\n", "To remove an option, include it in the list prefixed with a \"-\"\n", "</details>\n", "\n", "<details>\n", "<summary><b>Running the notebooklet as a Pivot Function</b></summary>\n", "This can also be run as a pivot function from the IpAddress entity.<br>\n", "The pivot function `ip_address_summary` is in the `nblt` container\n", "of the `IpAddress` entity.\n", "\n", "```python\n", " IpAddress = entities.IpAddress\n", " ip_address = ipaddr_text.value.strip()\n", " ip_result = IpAddress.nblt.ip_address_summary(\n", " value=ip_address,\n", " options=[\"+az_activity\", \"+office_365\", \"+common_security\"]\n", " )\n", "```\n", "</details>" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_addr_nb = nb.nblts.azsent.network.IpAddressSummary()\n", "md(\n", " \"Note: Different result properties are populated depending on the IP type\",\n", " \"large, bold\"\n", " )\n", "ip_result = ip_addr_nb.run(\n", " value=ipaddr_text.value.strip(),\n", " timespan=qry_prov.query_time.timespan,\n", " options=[\"+az_activity\", \"+office_365\", \"+common_security\"],\n", ")" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## 
Browse alerts\n", "\n", "View any recent alerts featuring the IP Address" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result.browse_alerts()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## View Threat Intel results\n", "\n", "View the full TI reports, if any, for the IP Address." ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result.browse_ti_results()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "## Map view of IP Address\n", "\n", "Show the location of the IP address on a map" ] }, { "cell_type": "code", "execution_count": null, "metadata": { "ExecuteTime": { "end_time": "2020-05-15T23:08:16.023912Z", "start_time": "2020-05-15T23:08:15.611915Z" } }, "outputs": [], "source": [ "folium_map = FoliumMap(zoom_start=8)\n", "\n", "icon_props = {\"color\": \"green\"}\n", "folium_map.add_ip_cluster(ip_entities=[ip_result.ip_entity], **icon_props)\n", "folium_map.center_map()\n", "display(folium_map)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Other data and methods available for the IP notebooklet result\n", "\n", "The notebooklet result has a number of data properties" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result.data_properties()" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result.list_methods()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "# Appendix - Additional properties from the Notebooklet result\n", "\n", "\n", "---\n", "\n", "These are static properties - usually DataFrames or visualizations. 
\n", "You can access each of these to see or manipulate the retrieved data.\n", "\n", "To see help on the available attributes type:\n", "```python\n", ">>> help(ip_result)\n", "```\n", "To see the available methods type:\n", "```python\n", ">>> ip_result.list_methods()\n", "```\n", "> Note, for the IP Summary notebooklet, the main data retrieval method is:<br>\n", "> - run<br>\n", "> There are several other methods that allow you to view individual plots\n", "> or subsets of the data (such as alerts).\n", "\n", "To view help on a specific method type:\n", "```python\n", ">>> help(ip_result.method_name)\n", "```" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result.passive_dns.T" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Viewing the Result class\n", "You can view all of the data in the results class by \"running\" it in a cell\n", "\n", "> Note: This produces a lot of output.<br>\n", "> Due to the way Jupyter displays Javascript objects the plots may\n", "> appear out of order.\n", "\n", "```ipython\n", " ip_result\n", "```\n", "\n", "Most of the properties of the results class are pandas DataFrames - \n", "you can use these directly for further analysis. 
Other property types\n", "include entities and visualizations.\n", "\n", "The DataFrames displayed by running the result object are truncated\n", "to the first five rows.\n", "\n", "You can also access individual data properties of the result as follows:\n", "```ipython\n", " result.data_property\n", "```" ] }, { "cell_type": "code", "execution_count": null, "metadata": {}, "outputs": [], "source": [ "ip_result" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Using Pivots to get more context information\n", "\n", "You can run a pivot function on the summary results\n", "to get additional context on the data.\n", "\n", "Here is an example of looking up Whois information for Azure IPAddress requests.\n", "\n", "```python\n", "whois_df = (\n", " ip_result # the results object\n", " .azure_activity_summary[[\"IPAddress\"]] # the property and the column we want\n", " .drop_duplicates() # drop duplicates\n", " .mp_pivot.run( # run the IpAddress 'whois' pivot function\n", " IpAddress.util.whois, column=\"IPAddress\" \n", " )\n", ")\n", "whois_df\n", "```" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "---\n", "\n", "## Use other notebooklets and pivot functions to drill down on other entities\n", "\n", "You may want to drill down on other entities in the data.\n", "You can use methods of the IpAddress or Host entities, for example,\n", "to look at these in more detail.\n", "\n", "Run the account_summary notebooklet pivot\n", "```python\n", "\n", "acc_result = Account.nblt.account_summary(\"user@my-aad.com\")\n", "```" ] } ], "metadata": { "hide_input": false, "kernel_info": { "name": "python310-sdkv2" }, "kernelspec": { "display_name": "Python 3.10 - SDK v2", "language": "python", "name": "python310-sdkv2" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", 
"version": "3.9.7" }, "latex_envs": { "LaTeX_envs_menu_present": true, "autoclose": false, "autocomplete": true, "bibliofile": "biblio.bib", "cite_by": "apalike", "current_citInitial": 1, "eqLabelWithNumbers": true, "eqNumInitial": 1, "hotkeys": { "equation": "Ctrl-E", "itemize": "Ctrl-I" }, "labels_anchors": false, "latex_user_defs": false, "report_style_numbering": false, "user_envs_cfg": false }, "toc": { "base_numbering": 1, "nav_menu": {}, "number_sections": true, "sideBar": true, "skip_h1_title": true, "title_cell": "Table of Contents", "title_sidebar": "Contents", "toc_cell": true, "toc_position": { "height": "calc(100% - 180px)", "left": "10px", "top": "150px", "width": "578px" }, "toc_section_display": true, "toc_window_display": true }, "varInspector": { "cols": { "lenName": 16, "lenType": 16, "lenVar": 40 }, "kernels_config": { "python": { "delete_cmd_postfix": "", "delete_cmd_prefix": "del ", "library": "var_list.py", "varRefreshCmd": "print(var_dic_list())" }, "r": { "delete_cmd_postfix": ") ", "delete_cmd_prefix": "rm(", "library": "var_list.r", "varRefreshCmd": "cat(var_dic_list()) " } }, "position": { "height": "400px", "left": "1549px", "right": "20px", "top": "120px", "width": "351px" }, "types_to_exclude": [ "module", "function", "builtin_function_or_method", "instance", "_Feature" ], "window_display": false }, "vscode": { "interpreter": { "hash": "0f1a8e166ce5c1ec1911a36e4fdbd34b2f623e2a3442791008b8ac429a1d6070" } } } }
"DatePickerModel", "state": { "description": "Origin Date", "disabled": false, "layout": "IPY_MODEL_7714167e1c354589b3175cb9acfbc822", "style": "IPY_MODEL_f4692cbfa8a84756bd18092d71c7e249", "value": { "date": 24, "month": 5, "year": 2021 } } }, "7dc7619a81d642d5b7092341340db4e4": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "806aa89b0cc64bb19ea6f6a4e161382f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": "IPY_MODEL_ffaee00ecb2d40818caff86884037984", "style": "IPY_MODEL_fdfa6a30bd2742289fe73054188752e8", "value": "2021-06-24 20:32:59.184782" } }, "8477fd38c3e64cae9f4c7b2d7cb6cc0b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HTMLModel", "state": { "layout": "IPY_MODEL_c91539762faa4a8d9c777bc58e63869a", "style": "IPY_MODEL_f524738766a64f5fb9bb1c2adc177539", "value": "<h4>Set time range for pivot functions.</h4>" } }, "8ab4f33016c8408fb5b273b5a8b82c88": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "8bb7c035267c4dfa90a2f9cdcf4678c0": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "8de2a2ca08b444a5a4cf662b008090d3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "8e01e20aaf534f51bcc9edc8fd3f17b9": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "906fdec97a3a44f28b31872f5db51bf1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": 
"VBoxModel", "state": { "children": [ "IPY_MODEL_69569d7b0c704934861a15f45e4725e1", "IPY_MODEL_c372919727414a2b882062d9edbf5753", "IPY_MODEL_3a2734e49c7b453a8f9e8409f157a5f4" ], "layout": "IPY_MODEL_a4e5e2d0b4264669917e209b679e7d23" } }, "920d3c1a6eb54ca691c680ec792be9d9": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "961257ffef1a43a4aefb0e19b6cb35df": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "961d3d2a4f3744f094f2925f61f9227e": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "99fceeabeeae474ababe921ec10892e0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DropdownModel", "state": { "_options_labels": [ "minute", "hour", "day", "week" ], "index": 1, "layout": "IPY_MODEL_8bb7c035267c4dfa90a2f9cdcf4678c0", "style": "IPY_MODEL_8ab4f33016c8408fb5b273b5a8b82c88" } }, "9a2131f16f544e9b92529069893f83a3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Enter the IP Address to search for:", "layout": "IPY_MODEL_5018ac40741d4607a9458b2e86f66261", "style": "IPY_MODEL_abafdd649972468383c0dbc1edea9e11", "value": "144.91.119.160" } }, "9b8e9dd2dd2643929286401c0cfbcfa2": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "9e064b07d021424e9e7de20cf64afd13": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a0f22a1945024c35bb17b7ad66a4795c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": 
"IPY_MODEL_8de2a2ca08b444a5a4cf662b008090d3", "style": "IPY_MODEL_8e01e20aaf534f51bcc9edc8fd3f17b9", "value": "2021-06-24 20:32:59.184782" } }, "a1d6552346ec403e9fd8d7f43813dc6d": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "a4e5e2d0b4264669917e209b679e7d23": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "a5ce2e738f9341dda57e2e836613112f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query end time (UTC) : ", "layout": "IPY_MODEL_7229fc102cf04c2a835d586dc39cf127", "style": "IPY_MODEL_1a8d47f1a41d4976aac01e8249cd78f8", "value": "2021-06-25 20:32:42.073449" } }, "a7646ea3e4be4f5f9e6f1d89df3a2c44": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Time (24hr)", "layout": "IPY_MODEL_bf91b41eb8914ae5925b2ad7df94992a", "style": "IPY_MODEL_3259ad599a3f495aaab348f2d2d7d562", "value": "20:32:59.184782" } }, "a9aafed07678438cbe63202222fea718": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "50%" } }, "ab8d82f09e604e0888d479aebf698929": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "abafdd649972468383c0dbc1edea9e11": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "acaab2f462244a88bcb08c769137d7cf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "acfac8dcb7914aaf91692bbcebfac1f6": { 
"model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "2021-06-09 21:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:11e05f09-03f8-4c5f-df0f-42c0b88060fd]", "2021-06-09 22:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:a1e39049-6c42-3f6f-b422-974b08ed5c8d]", "2021-06-09 23:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:87650cc5-773e-d3d7-8864-e54f2585d7cf]", "2021-06-10 00:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:ddfbe2fa-8d93-44e4-0cca-b366d449d77e]", "2021-06-10 01:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:cfc4f9fd-0849-5d88-4f8c-056c9a5d98e3]", "2021-06-10 02:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:765f6786-c62a-5625-839f-0c672ba2c5a8]", "2021-06-10 03:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:5e4836fa-86e2-5495-1a3d-c68b598677df]", "2021-06-10 04:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:7c187f4c-6583-f63d-4b36-aa36a37477b0]", "2021-06-10 05:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:108b3970-6bb0-4ed4-b393-bccba3912a22]", "2021-06-10 06:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:f5350b4e-0b6c-193d-2fd7-742e5e3c33b3]", "2021-06-10 07:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:3620a46a-3c98-9c79-97a3-078cadcc0d1d]", "2021-06-10 08:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:0b7ec809-12ba-51a3-bf19-7ed5354b5eef]", "2021-06-10 09:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:963f1c8c-add6-cc0f-3f2c-24bb0e0c5749]", "2021-06-10 10:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:c1d60b48-06a8-3058-06f8-a6c647eabfb0]", "2021-06-10 
11:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:3f29274c-2772-c228-1992-9015c45aad41]", "2021-06-10 12:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:6e4bb6bb-6e24-9a93-99f0-293224cf044f]", "2021-06-10 13:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:2916534f-29c6-c843-82d1-9a86b367fe7a]", "2021-06-10 14:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:e5ecc47c-be8a-91c5-fbf7-9a6e1a58245d]", "2021-06-10 15:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:4980ce0e-a042-4fc9-f3c8-18464cba5a60]", "2021-06-10 16:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:e1ad9bb7-a66e-0d10-aa30-7aa9e9c57936]", "2021-06-10 17:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:7ab08d82-d4f5-6310-64b3-4e673b2d561d]", "2021-06-10 18:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:d88648a4-180f-4244-c75d-30c38b9707ab]", "2021-06-10 19:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:204b3051-4512-a0ba-8a34-77c1a2c59643]", "2021-06-10 20:10:02.788000+00:00 - TI map IP entity to AzureActivity (enriched) - () - [id:0a0dafca-6812-84d7-b17a-6811c338c8c9]" ], "description": "Select alert :", "index": 0, "layout": "IPY_MODEL_ce3881fae3aa421a839f983ddb55bc86", "style": "IPY_MODEL_4563ba0ea7e845efbe40b3e14392f559" } }, "adf15e6cc29c461c8662271f7abc72fc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_5cf53f658662412a84bc89c696bc38cf", "style": "IPY_MODEL_1e2a2959d4194e679ee439e18c5aa37d", "value": "2021-06-23 20:32:59.184782" } }, "b274d1430c854c63a28c43dd03b4498c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, 
"b4c16087d7f24587a97c9063d381aeed": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "b60ebfa4865b448489d88b65bd1e6d02": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "b91ecbe737f6418d90a929f7090344c1": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "b98db510261e48c2b64ca03cb4447bb5": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "bb9fbe938433499e8ed7adf87e9723da": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "be3b28e606284a18b1a737f863a2dd7d": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "be778ba961444e5abfdda6a0aea61a82": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "bf91b41eb8914ae5925b2ad7df94992a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "bfd99e8a7b154ae081cda69718eeb6d3": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c077b59d30f34402b77e5942839dd84c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "c132807e629b445bb617c9586e2d7f99": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "VBoxModel", "state": { "children": [ "IPY_MODEL_c39a12ffcf3448f1ab30e95878b6e1cf", "IPY_MODEL_acfac8dcb7914aaf91692bbcebfac1f6" ], "layout": 
"IPY_MODEL_961d3d2a4f3744f094f2925f61f9227e" } }, "c171ec913a63411baccb5441a0c27c8c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "70%" } }, "c2695c2f507a468ab1c847e94d031f99": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "c2a3dfd398674959a63382260b232d42": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "IntRangeSliderModel", "state": { "_model_name": "IntRangeSliderModel", "_view_name": "IntRangeSliderView", "description": "Time Range", "layout": "IPY_MODEL_5985e21111424f958840036258e3f361", "max": 72, "min": -96, "style": "IPY_MODEL_cbd406c176dd46f6966e495f39e27c3c", "value": [ -24, 0 ] } }, "c372919727414a2b882062d9edbf5753": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_de7bef950b534f27869f300fcc1c67ce", "IPY_MODEL_3906f01c72be4d0f91c7ed4678dd73ee" ], "layout": "IPY_MODEL_e5065e33cbeb4a3fab1187c2f0e3d088" } }, "c39a12ffcf3448f1ab30e95878b6e1cf": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Filter alerts by title:", "layout": "IPY_MODEL_7b3b3adec18e46ea9f295f9e0407c707", "style": "IPY_MODEL_acaab2f462244a88bcb08c769137d7cf" } }, "c76901ceae5943dbb8ae46f0ea48e955": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "c8437965dc1f42ed928a91398a385a99": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "100px" } }, "c91539762faa4a8d9c777bc58e63869a": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, 
"ca9ed43895b14c3898e36a7a7a1d29ab": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "cbd406c176dd46f6966e495f39e27c3c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "cc1afb7d272249739b8157a9be0241fc": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_bb9fbe938433499e8ed7adf87e9723da", "style": "IPY_MODEL_5bdfba855598449faf0abc831747709e", "value": "2021-06-23 20:32:42.073449" } }, "ce3881fae3aa421a839f983ddb55bc86": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "95%" } }, "cf1f5e0abe0b4f52be7af14e24bb7afd": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "cf7c3f91ce934a3c89fa678ca4d05fac": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "95%" } }, "d0b74368421b437fa9c5dd6b776dc90c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "d299cf0bd9b14c61a32d685629e4f9ff": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "d3871a2859fd43b3a023e245bc68aa56": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HTMLModel", "state": { "layout": "IPY_MODEL_75cd728ab9a948098247a54238f44df6", "style": "IPY_MODEL_7dc7619a81d642d5b7092341340db4e4", "value": "<h4>Set time range for pivot functions.</h4>" } }, "d4d31643f3a5434c85d78adac33cbed1": { 
"model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } }, "d65bd27bd8de4a92a129235c43418744": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SliderStyleModel", "state": { "description_width": "initial" } }, "d857d0886e1f42e9a608daeb0776987f": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "db38a92651d84adbb724820537625261": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "dbd5e7c82d7243978e5c5a50f31e8125": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "de7bef950b534f27869f300fcc1c67ce": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DatePickerModel", "state": { "description": "Origin Date", "disabled": false, "layout": "IPY_MODEL_c76901ceae5943dbb8ae46f0ea48e955", "style": "IPY_MODEL_b91ecbe737f6418d90a929f7090344c1", "value": { "date": 24, "month": 5, "year": 2021 } } }, "df0dbf95ece74009bf610a24d1ef5b5c": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "95%" } }, "e40b2465f2644ab7a70934b13a3ef6a3": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "144.91.119.160 type: ipv4 (sev: information) providers: ['OTX', 'OPR', 'Tor', 'VirusTotal', 'XForce']" ], "description": "Select an item", "index": 0, "layout": "IPY_MODEL_a9aafed07678438cbe63202222fea718", "style": "IPY_MODEL_277a7222516144cdb705ccc16bfe9145" } }, "e4b05bb34510493e9c0f88e338973a9c": { "model_module": 
"@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "SelectModel", "state": { "_options_labels": [ "144.91.119.160 type: ipv4 (sev: information) providers: ['OTX', 'OPR', 'Tor', 'VirusTotal', 'XForce']" ], "description": "Select an item", "index": 0, "layout": "IPY_MODEL_efb24c2f0acd42eeb790fad63d9fb38b", "style": "IPY_MODEL_ca9ed43895b14c3898e36a7a7a1d29ab" } }, "e5065e33cbeb4a3fab1187c2f0e3d088": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "e7181b97ce7c4275b43f3ef53ab55e60": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_470d34e366f14195acbd53aafd537164", "IPY_MODEL_3a2a3eac1cde4a6f93e3d3c9aac9c615" ], "layout": "IPY_MODEL_bfd99e8a7b154ae081cda69718eeb6d3" } }, "e7e21765ffd94a3d9f9ad3574fef01a0": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_c2a3dfd398674959a63382260b232d42", "IPY_MODEL_99fceeabeeae474ababe921ec10892e0" ], "layout": "IPY_MODEL_ebadb19f608a439e8b57c742516a0e74" } }, "e8d2eb4ddda34cbc9a056748cf7fa95b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "ebadb19f608a439e8b57c742516a0e74": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "efb24c2f0acd42eeb790fad63d9fb38b": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "height": "300px", "width": "50%" } }, "f21b565a84f841d2a98e133000310d76": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "TextModel", "state": { "description": "Query start time (UTC):", "layout": "IPY_MODEL_d4d31643f3a5434c85d78adac33cbed1", "style": 
"IPY_MODEL_22249e20fd914198b8858b5a1c7d5fd6", "value": "2021-06-23 20:32:59.184782" } }, "f323a14d092c45e693b4baf7123a2213": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f4692cbfa8a84756bd18092d71c7e249": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "f524738766a64f5fb9bb1c2adc177539": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "f802f25e4dc647d29b428d84a63bd8f1": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": {} }, "f823c3cabba94296b777b707ff5b8d8b": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "HBoxModel", "state": { "children": [ "IPY_MODEL_44269b967df14409b674da172be5541e", "IPY_MODEL_2031cffc36c7427fb952e6566132c31d" ], "layout": "IPY_MODEL_179f96fbd56a41a3a86dc70f4194e3cb" } }, "fc7b3defcf3143578bfaf9f07297332c": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "" } }, "fdfa6a30bd2742289fe73054188752e8": { "model_module": "@jupyter-widgets/controls", "model_module_version": "1.5.0", "model_name": "DescriptionStyleModel", "state": { "description_width": "initial" } }, "ffaee00ecb2d40818caff86884037984": { "model_module": "@jupyter-widgets/base", "model_module_version": "1.2.0", "model_name": "LayoutModel", "state": { "width": "50%" } } }, "version_major": 2, "version_minor": 0 } } }, "nbformat": 4, "nbformat_minor": 4 }