PowerShell Notebooks aren’t just great for building SOC tools - they can run your SOC too!

In this session, we’ll use long-running orchestration notebooks that launch reusable sub-notebooks as investigation templates, and save the results for auditing, collaboration, and evidence preservation. You’ll see how Notebooks can automate complex end-to-end incident investigations by turning boring steps into repeatable workflows.

Last year, we looked at how PowerShell Notebooks make it easy to create and share SOC tools. This year, we’re taking the idea much further.