SC-200 - Perform Threat Hunting - Section 3.4
Hunt for threats using Notebooks in Microsoft Sentinel, including connection to the Sentinel MCP Server.
Use Jupyter Notebooks in Microsoft Sentinel with the MSTICPy library to perform complex, large-scale hunting and enrichment tasks that go beyond what portal-based KQL supports. Connect a notebook to the Sentinel MCP Server to query workspace data programmatically and integrate external threat intelligence into the investigation workflow.
Jupyter Notebooks in Microsoft Sentinel, MSTICPy, connection to the Sentinel MCP Server, large-scale hunting and enrichment
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.