As you probably already know, Jupyter notebooks allow for much great threat hunting than you can get using the OOTB Azure Sentinel Threat Hunting queries, especially when you consider that you can run the Azure Sentinel KQL queries from a Jupyter notebook.
Most of the articles written about Azure Sentinel and Jupyter notebooks use Python as the programming language. While it is a great language, there are now other options (with a bit of setup)
How to do it
A while ago there was a blog post, available here, about using PowerShell inside of Jupyter notebooks instead of Python. The article’s formatting leaves a bit to be desired but overall it tells you the steps you need to install PowerShell on the server that you have created to run your Jupyter notebooks (Version 7 was loaded when I wrote this article). This will entail starting a terminal and entering a series of commands to install and enable PowerShell.
Once that is done, if you look at the Notebooks section in Azure Sentinel you will see that there is now one called A Getting Started Guide For PowerShell AML Notebooks, which provides some nice tips on using PowerShell inside of Jupyter notebooks. Note there are some typos in this that will require you to change the code when you run including logging into the Azure.
One little tidbit that is hidden inside the notebook is the fact that you can switch to C# when needed using the command
and you can switch back to PowerShell using
This will allow you to use the best language to do what you need to accomplish.
I am not saying that PowerShell or C# would be a better choice to use than Python. In fact, given the support from the Python community and the msticpy library, the case could be made for the exact opposite statement. What I am saying is that there are now choices.
If you only have PowerShell or C# developers on your team, then you can still use Jupyter Notebooks to do your threat hunting or other activities in them.