
Sentinel Search API, Azure Authentication, Settings management, HTTPX timeouts

@ianhelle ianhelle released this 04 May 22:17
Commit: 5c4c7f6

Summary

There are some feature changes and fixes in this release:

  • MS Sentinel Search API support in the Sentinel package - lets you create, check the status of, and delete automated search jobs.
  • Authentication updates to
    • support a wider range of Azure authentication types (including VS Code and PowerShell)
    • specify the tenant ID at authentication time (this was a specific issue for Azure Data Explorer users)
    • let you use MSAL token caching
  • Fixes to httpx timeouts (we recently switched from using requests to httpx and have
    changed the default timeout to be none, like requests). You can also set the timeout in configuration
    and specify it when calling a function that makes a network request, e.g. mde_prov.my_query(...params, timeout=30)
  • MpConfigEdit now behaves better when no existing msticpyconfig.yaml exists - making it easier to create a
    config file from scratch.

What's Changed

  • Ianhelle/mp config edit load fix 2022 03 28 by @ianhelle in #352
    Also fixes to multiple widgets for papermill/automation. Can now set QueryTime timespan programmatically.
    Fix to Sentinel data provider to prevent re-auth for every query.
  • Pebryan/2022 3 29 auth updates by @petebryan in #351
    • Re-implemented using DefaultCredential
    • Added support for MSAL token cache
  • Bump sphinx from 4.4.0 to 4.5.0 by @dependabot in #350
  • Fixes for GeoLiteLookup and MpConfigEdit by @ianhelle in #356
    • GeoIPLite no longer tries to update the DB during initialization - only on the first query
    • Fixes to MpConfigEdit and the MpConfig file for msticpyconfig path handling.
  • Some fixes to Kusto common_imports by @ianhelle in #358
  • Changing the pattern for httpx timeout to default to Timeout(None). by @ianhelle in #378
    • config-based setting for HTTP timeouts
    • can be overridden per call in several providers - OData (MSGraph, MDE) and HTTP-based TI providers.
  • Add Workflow to Tweet by @petebryan in #369
    • testing to automatically tweet status on PR completion
  • Fixed minor issues by @petebryan in #371
    • some issues with incident exploration having incomplete information
  • Fixing bug in local_data_driver.py if CSV with no TimeGenerated field by @ianhelle in #374
    • also added new Sentinel query list_logon_attempts_by_ip
  • Ianhelle/nb fixes 2022 04 20 by @ianhelle in #379
  • Added new Sentinel Search Features: by @petebryan in #376
    • Sentinel Search API - can create, delete and check the status of an automated search
    • Also added handling for the case where only one Sentinel workspace is configured - it is treated as the default
      even if it is not marked as the default.

Full Changelog: v1.7.5...v1.8.0