
Hackmonth updates: Cybereason, IntSights, Splunk, AWS, Kusto

@ianhelle ianhelle released this 17 Feb 18:17

Highlights

We have two new providers: a threat intel provider for IntSights
and a data/query provider for Cybereason,
contributed by Florian Bracq (AXA, @FlorianBracq). The Cybereason docs are here.

A range of new Splunk queries for alert and authentication data in our Splunk data provider,
contributed by Joey Dreijer (@d3vzer0).

Two cool sample notebooks:

  • Azure Data Explorer/Kusto notebook from Liam Kirton (@liamkirton)
  • AWS S3 HoneyBucket log analysis notebook by Ashwin Patil (@ashwin-patil)

Complete replacement of requests with the async-capable httpx library, by GrantV (@grantv9).

New Sentinel Security alert entity that automatically extracts related entities from
a MS Sentinel alert.

Overhaul of some of our documentation, including automated build/collection of the API docs and
the data provider query list (so these should now be up to date) and a reorganization/rewrite of the
data provider docs.

Reorganization of setup and tool settings using setup.cfg and pyproject.toml.

We also added a workaround (the IPython version dependency) to allow msticpy to be installed
on Python 3.6 (even though we don't officially support it).

What's Changed

New Contributors

Full Changelog: v1.6.1...v1.7.0