Hackmonth updates: Cybereason, IntSights, Splunk, AWS, Kusto
Highlights
- Two new providers: a threat intel provider for IntSights and a data/query provider for Cybereason, contributed by Florian Bracq - AXA (@FlorianBracq). The Cybereason docs are here.
- A range of new Splunk queries for our Splunk data provider, covering Alert and Authentication data, contributed by Joey Dreijer (@d3vzer0).
- Two cool sample notebooks:
  - Azure Data Explorer/Kusto notebook from Liam Kirton (@liamkirton)
  - AWS S3 HoneyBucket log analysis notebook by Ashwin Patil (@ashwin-patil)
- Complete replacement of requests with the async-capable httpx library by GrantV (@grantv9).
- New Sentinel Security alert entity that automatically extracts related entities from a MS Sentinel alert.
- Overhaul of some of our documentation, including automated build/collection of the API docs and the data provider query list (so these should now be up to date), and reorganization/rewrite of the data provider docs.
- Reorganization of setup and tool settings using setup.cfg and pyproject.toml.
- A workaround (the IPython version dependency) to allow msticpy to be installed on Python 3.6 (even though we don't officially support it).
What's Changed
- Add IntSights support by @FlorianBracq in #276
- Setup.cfg and Pyproject.toml by @ianhelle in #287
- Ianhelle/nbwidgets refactor 2022 01 25 by @ianhelle in #299
- Add tenant_id parameter back by @liamkirton in #295
- (fix): typo in README by @zscholl in #294
- Add alert-oriented queries for Splunk using datamodels by @d3vzer0 in #297
- Add authentication-oriented queries for Splunk using datamodels by @d3vzer0 in #298
- Fix QueryTime unit change by @kubajir in #303
- Update regular expression to extract parameters from source by @FlorianBracq in #291
- Ianhelle/data docs rewrite 2022 01 27 by @ianhelle in #304
- SentinelAlert entity creation by @petebryan in #293
- Replaced requests with httpx 0.18 by @grantv9 in #285
- Updating httpx requirements to work with our requirements by @petebryan in #312
- Change to Querylist doc and py script to avoid phantom changes by @ianhelle in #310
- Cybereason by @FlorianBracq in #306
- AWS S3 HoneyBucket Log analysis notebook by @ashwin-patil in #311
- Kusto Driver Example Notebooks by @liamkirton in #308
- Bump sphinx from 4.3.2 to 4.4.0 by @dependabot in #283
- doc updates by @ashwin-patil in #316
- Adding dev container files for VSCode by @ashwin-patil in #321
- Bump respx from 0.17.1 to 0.19.2 by @dependabot in #314
- Updated Cybereason docs to fit pattern by @petebryan in #324
- Ianhelle/1.6.1 hotfixes 2022 01 27 for 1.6.2 by @ianhelle in #317
- Changing magics creation so that they don't get created if not in ipython by @ianhelle in #332
New Contributors
- @FlorianBracq made their first contribution in #276
- @zscholl made their first contribution in #294
- @d3vzer0 made their first contribution in #297
- @kubajir made their first contribution in #303
- @grantv9 made their first contribution in #285
Full Changelog: v1.6.1...v1.7.0