Scanner Notebooks on GitHub

The scanner-notebooks GitHub repository contains a range of Jupyter notebooks tailored for security use cases.

These notebooks are designed to help users get started quickly with analyzing common security log sources and building visualizations of the results.

Each notebook is built around a real-world use case, so security teams can detect, investigate, and respond to potential threats more efficiently.

Use cases highlighted in these notebooks will soon include:

  • Visualizing network graphs of role assumption for privilege escalation

  • Unusual API activity

  • Suspicious cross-account activity

  • Access from unauthorized or risky locations

  • Failed changes to security controls

  • Compromised user credentials

  • And more...
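As an added illustration of the first use case above, the following Python (written for this page, not code from the scanner-notebooks repository) builds a directed graph of role assumption from CloudTrail `AssumeRole` records and searches it for multi-hop chains that end at a privileged role, which is the kind of path a privilege-escalation analysis looks for. The records are constructed for the example: the field names follow the CloudTrail record format, but the account IDs, principals and role names are made up. It uses only the standard library; the DOT output is meant to be rendered in a notebook cell with a Graphviz binding, which is assumed to be installed there.

```python
"""Role-assumption graph from CloudTrail AssumeRole events (added example,
not code from the scanner-notebooks repository)."""
from collections import defaultdict, deque

# Constructed CloudTrail records for illustration only; account IDs, users
# and roles are made up. A notebook would load these from a query result.
SAMPLE_EVENTS = [
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"roleArn": "arn:aws:iam::111111111111:role/Developer"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     # An AssumedRole caller names the issuing role in sessionContext.
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/Developer/alice",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111111111111:role/Developer"}}},
     "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/DeployRole"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::222222222222:assumed-role/DeployRole/alice",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::222222222222:role/DeployRole"}}},
     "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/OrgAdmin"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     # Denied attempt: must not become an edge in the graph.
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111111111111:user/bob"},
     "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/OrgAdmin"},
     "errorCode": "AccessDenied"},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     # Unrelated API call: ignored.
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111111111111:user/bob"}},
]


def source_principal(event):
    """Edge source for an event. For AssumedRole callers use the issuing
    role's ARN so that every session of that role collapses to one node."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        return ident["sessionContext"]["sessionIssuer"]["arn"]
    return ident.get("arn")


def build_graph(events):
    """Directed graph: principal ARN -> set of role ARNs it successfully assumed."""
    graph = defaultdict(set)
    for ev in events:
        if ev.get("eventSource") != "sts.amazonaws.com" or ev.get("eventName") != "AssumeRole":
            continue
        if ev.get("errorCode"):  # failed AssumeRole calls are not edges
            continue
        src = source_principal(ev)
        dst = ev.get("requestParameters", {}).get("roleArn")
        if src and dst:
            graph[src].add(dst)
    return graph


def find_paths(graph, start, is_target, max_hops=6):
    """Breadth-first search from `start`, returning every simple path that
    ends at a node accepted by is_target. Cycles are skipped."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        if len(path) > max_hops:
            continue
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt in path:
                continue
            new_path = path + [nxt]
            if is_target(nxt):
                paths.append(new_path)
            queue.append(new_path)
    return paths


def account_of(arn):
    """Account ID field of an ARN (arn:partition:service:region:account:...)."""
    return arn.split(":")[4]


def to_dot(graph):
    """Graphviz DOT text for the graph; cross-account hops are drawn in red."""
    lines = ["digraph role_assumption {", "  rankdir=LR;"]
    for src in sorted(graph):
        for dst in sorted(graph[src]):
            style = " [color=red]" if account_of(src) != account_of(dst) else ""
            lines.append(f'  "{src}" -> "{dst}"{style};')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    g = build_graph(SAMPLE_EVENTS)
    for chain in find_paths(g, "arn:aws:iam::111111111111:user/alice",
                            lambda arn: arn.endswith("role/OrgAdmin")):
        print(" -> ".join(chain))
    print(to_dot(g))
```

Two choices matter for the result. Collapsing `AssumedRole` sessions onto their issuing role is what makes the chain user → role → role visible at all; keeping per-session ARNs would fragment the graph into one path per session. Dropping events with an `errorCode` keeps denied attempts out of the reachable set, although those same attempts are worth surfacing separately as a signal of someone probing role trust.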

The notebooks will soon cover common log sources, such as:

  • AWS CloudTrail, VPC flow

  • Cloudflare HTTP, WAF, DNS

  • CrowdStrike FDR

  • Windows Sysmon

  • Okta System Log

  • GitHub Audit Log

  • And more...

You can start using these notebooks by cloning the scanner-notebooks repository from GitHub and opening them in a local Jupyter environment such as JupyterLab Desktop.