scanner
  • About Scanner
  • When to use it
  • Architecture
  • Getting Started
  • Playground Guide
    • Overview
    • Part 1: Search and Analysis
    • Part 2: Detection Rules
    • Part 3: Augment your SIEM
    • Wrapping Up
  • Log Data Sources
    • Overview
    • List
      • AWS
        • AWS Aurora
        • AWS CloudTrail
        • AWS CloudWatch
        • AWS ECS
        • AWS EKS
        • AWS GuardDuty
        • AWS Lambda
        • AWS Route53 Resolver
        • AWS VPC Flow
        • AWS VPC Transit Gateway Flow
        • AWS WAF
      • Cloudflare
        • Audit Logs
        • Firewall Events
        • HTTP Requests
        • Other Datasets
      • Crowdstrike
      • Custom via Fluentd
      • Fastly
      • GitHub
      • Jamf
      • Lacework
      • Osquery
      • OSSEC
      • Sophos
      • Sublime Security
      • Suricata
      • Syslog
      • Teleport
      • Windows Defender
      • Windows Sysmon
      • Zeek
  • Indexing Your Logs in S3
    • Linking AWS Accounts
      • Manual setup
        • AWS CloudShell
      • Infra-as-code
        • AWS CloudFormation
        • Terraform
        • Pulumi
    • Creating S3 Import Rules
      • Previewing Imports
      • Regular Expressions in Import Rules
  • Using Scanner
    • Query Syntax
    • Aggregation Functions
      • avg()
      • count()
      • countdistinct()
      • groupbycount()
      • max()
      • min()
      • percentile()
      • rename()
      • stats()
      • sum()
      • table()
      • var()
      • where()
    • Detection Rules
      • Event Sinks
      • Out-of-the-Box Detection Rules
      • MITRE Tags
    • API
      • Ad hoc queries
      • Detection Rules
      • Event Sinks
      • Validating YAML files
    • Built-in Indexes
      • _audit
    • Role-Based Access Control (RBAC)
    • Beta features
      • Scanner for Splunk
        • Getting Started
        • Using Scanner Search Commands
        • Dashboards
        • Creating Custom Content in Splunk Security Essentials
      • Scanner for Grafana
        • Getting Started
      • Jupyter Notebooks
        • Getting Started with Jupyter Notebooks
        • Scanner Notebooks on Github
      • Detection Rules as Code
        • Getting Started
        • Writing Detection Rules
        • CLI
        • Managing Synced Detection Rules
      • Detection Alert Formatting
  • Single Sign On (SSO)
    • Overview
    • Okta
      • Okta Workforce
      • SAML
Powered by GitBook
On this page
  • Step 1: Download JupyterLab Desktop
  • Step 2: Create or open a notebook
  • Step 3: Install the Scanner Python SDK
  • Step 4: Import and configure the Scanner API Client

Was this helpful?

  1. Using Scanner
  2. Beta features
  3. Jupyter Notebooks

Getting Started with Jupyter Notebooks

The fastest way to get started is to install the JupyterLab Desktop app locally on your computer, and install the Scanner Python SDK into your Jupyter notebook.

Step 1: Download JupyterLab Desktop

Simply download and run the appropriate installer for your OS. You can find download links on the Github page here.

Step 2: Create or open a notebook

Open up the JupyterLab Desktop app. It is often useful to create a directory where you plan to edit your notebooks. Open up that directory in the app, and then create a notebook file.

Step 3: Install the Scanner Python SDK

Run the following command to install the Scanner Python SDK:

pip install scanner-client

Step 4: Import and configure the Scanner API Client

In your Jupyter notebook, run this command to import the Scanner API client:

from scanner_client import Scanner

In the Scanner UI, visit Settings and copy-paste your API URL and API key. We recommend adding them to environment variables like SCANNER_API_URL and SCANNER_API_KEY.

Once that is done, you can create the Scanner API client in your Jupyter notebook:

scanner = Scanner(
    api_url=os.environ["SCANNER_API_URL"],
    api_key=os.environ["SCANNER_API_KEY"],
)

You are now ready to execute queries and perform investigations.

PreviousJupyter NotebooksNextScanner Notebooks on Github

Last updated 2 months ago

Was this helpful?