{"@attributes":{"version":"2.0"},"channel":{"title":"Python on Lets Automate It","link":"https:\/\/letsautomate.it\/tags\/python\/","description":"Recent content in Python on Lets Automate It","generator":"Hugo","language":"en-us","lastBuildDate":"Thu, 14 Jul 2022 12:45:00 -0400","item":[{"title":"Understanding Python - Part 2: Running Code","link":"https:\/\/letsautomate.it\/article\/understanding-python-part-2-running-code\/","pubDate":"Thu, 14 Jul 2022 12:45:00 -0400","guid":"https:\/\/letsautomate.it\/article\/understanding-python-part-2-running-code\/","description":"<h2 id=\"introduction\">Introduction<\/h2>\n<p>Whether you are new to Python or not, ensuring you understand the basics will help you along the way to becoming a Python expert.<\/p>\n<p>Please see the first post titled <a href=\"https:\/\/letsautomate.it\/article\/python-vs-powershell-part-1-versioning\/\">Python vs Powershell Part 1: Versioning<\/a>. This first post was written in 2018 but still applies. The remaining blog posts are a continuation of this series. Let's get started!<\/p>\n<h2 id=\"installation\">Installation<\/h2>\n<p>You may have Python already installed. To check, open your terminal and type:<\/p>"},{"title":"Microsoft Defender Advanced Threat Detection Queries","link":"https:\/\/letsautomate.it\/article\/microsoft-defender-advanced-threat-detection-queries\/","pubDate":"Thu, 18 Jul 2019 14:37:17 -0500","guid":"https:\/\/letsautomate.it\/article\/microsoft-defender-advanced-threat-detection-queries\/","description":"<p>Recently, I <a href=\"https:\/\/twitter.com\/MSAdministrator\/status\/1145778141127991302?s=20\">shared on Twitter<\/a> how you could run a query to detect if a user has clicked on a link within their Outlook using Microsoft Defender Advanced Threat Protection (MDATP). 
If you are not familiar, MDATP is available within your Microsoft 365 E5 license and is an enhancement to the traditional Windows Defender you might be used to.<\/p>\n<h1 id=\"what-is-microsoft-defender-advanced-threat-protection\">What is Microsoft Defender Advanced Threat Protection?<\/h1>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/microsoft-defender-atp\/microsoft-defender-advanced-threat-protection\">Microsoft<\/a> says that \u201cMicrosoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.\u201d MDATP offers quite a few endpoints that you can leverage in both incident response and threat hunting.<\/p>"},{"title":"Swimlane's Research Teams Open Sources pyattck","link":"https:\/\/letsautomate.it\/article\/swimlanes-research-teams-open-sources-pyattck\/","pubDate":"Thu, 11 Jul 2019 14:34:27 -0500","guid":"https:\/\/letsautomate.it\/article\/swimlanes-research-teams-open-sources-pyattck\/","description":"<p>As security teams adopt the <a href=\"https:\/\/attack.mitre.org\/\">Mitre ATT&amp;CK Framework<\/a> to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programmatically is even more critical.<\/p>\n<p>Today, we are excited to announce the Swimlane research team has released <a href=\"https:\/\/pyattck.readthedocs.io\/en\/latest\/\">pyattck<\/a> \u2014 a Python package to interact with the <a href=\"https:\/\/attack.mitre.org\/\">Mitre ATT&amp;CK Framework<\/a>. 
There are many different open-source projects being released on a daily basis, but we wanted to provide a straightforward Python package that allows the user to identify known relationships between all verticals of the <a href=\"https:\/\/attack.mitre.org\/\">Mitre ATT&amp;CK Framework<\/a>.<\/p>"},{"title":"Swimlane Open Sources graphish to Help SecOps Teams","link":"https:\/\/letsautomate.it\/article\/swimlane-open-sources-graphish-to-help-secops-teams\/","pubDate":"Wed, 19 Jun 2019 14:31:46 -0500","guid":"https:\/\/letsautomate.it\/article\/swimlane-open-sources-graphish-to-help-secops-teams\/","description":"<p>While having a conversation on <a href=\"https:\/\/twitter.com\/MSAdministrator\/status\/1140380695430410240?s=20\">Twitter<\/a> about Microsoft Graph API I was convinced that the traditional Exchange eDiscovery features were not available in the Microsoft Graph API. Boy was I wrong.<\/p>\n<p>After stumbling across a few endpoints I had not seen previously, I decided to write a Python package called <a href=\"https:\/\/github.com\/swimlane\/graphish\">graphish<\/a>. <a href=\"https:\/\/github.com\/swimlane\/graphish\">graphish<\/a> is an open-source Python package Swimlane is open-sourcing that will enable IT, security operations (SecOps), developers and others to search and delete email messages from mailboxes using the Microsoft Graph API.<\/p>"},{"title":"Swimlane Research Team Open Sources py-ews","link":"https:\/\/letsautomate.it\/article\/swimlane-research-team-open-sources-py-ews\/","pubDate":"Wed, 22 May 2019 14:27:42 -0500","guid":"https:\/\/letsautomate.it\/article\/swimlane-research-team-open-sources-py-ews\/","description":"<p>Phishing impacts every organization, and security operations (SecOps) teams need to act quickly to remediate and prevent unknown threats within their email infrastructure. 
To help combat these threats, the Swimlane research team has open sourced <a href=\"https:\/\/py-ews.readthedocs.io\/en\/latest\/\">py-ews<\/a> to enable security and IT teams to interact with Microsoft Exchange Web Services (EWS) using Python.<\/p>\n<h1 id=\"why-py-ews\">Why py-ews?<\/h1>\n<p>Organizations continue to battle against malicious phishing emails in their email environments, but security and IT teams have limited visibility into what currently resides in their users&rsquo; mailboxes. <a href=\"https:\/\/py-ews.readthedocs.io\/en\/latest\/\">py-ews<\/a> was written to give control back to your security and IT teams so they can remediate threats faster.<\/p>"}]}}