With the recent release of v 1.0.0 of MSTICPy we thought it was a good time to do an overview article. This is based on an article in the Azure Sentinel Technical Community blog but since that one focuses on MSTICPy’s use in Azure Sentinel and MSTICPy is ostensibly SIEM-agnostic we thought it would be good to do another version of it here.
We recently released an update to MSTICPy that adds some cool new features as well as some minor fixes.
Warning — this release includes some potentially breaking changes since we have renamed several pivot functions to have shorter, friendlier names. Several Azure Sentinel query functions have shortened names.
Pivots are still a relatively new feature in MSTICPy and as such we are still working to improve and expand them, especially as we get feedback from users. …
MSTICPy has been around for nearly 2 and half years so we decided that it was time to bring it out of beta and let it roam free in the big wide world.
(This article is based on the earlier MSTICPy release candidate article but does contain some updates, so please scan through, even if you read the previous article).
The 1.0 release has some new features and some significant updates to existing features:
We’ve decided that it’s time to bring MSTICPy out of beta and let it fend for itself in the big wide world.
The 1.0 release has some significant features that we’ll be testing and would like you to try out:
Since this is currently a pre-release it won’t install with pip install msticpy. You’ll need to specify the version.
We recently released a new version of MSTICPy with a feature called Pivot functions.
Pivot functions have three main goals:
The pivot functionality exposes operations relevant to a particular entity as methods (or functions) of that entity. These operations include: data queries, threat intelligence lookups, other data lookups (such as geo-location, whois and domain resolution) as well as other local functions.
Here are a couple of examples showing calling different kinds of enrichment functions…
We’re pleased to announce the release of MSTICPy 0.8.8 (which should have been 0.8.5, but a few hiccups caused us to do some hotfixes before announcing).
This release has a few new cool features (plus the usual share of fixes):
We recently released 0.8.0 of MSTICPy. The significant features in the release are:
We’ve added two new simple widgets.
GetText is a simple wrapper around the ipywidgets Text widget. Why would you use this rather than the Text widget? …
We’re very happy to announce, after several months of work, the release of a new Python/Jupyter notebooks package — MSTICnb, or MSTIC notebooklets.
MSTICnb is a companion package to MSTICpy. It is designed to be used in Jupyter notebooks by security operations engineers and analysts, to allow them to quickly, and easily, run common notebook patterns such as retrieving summary information about a host, an account or IP address.
Each notebooklet is equivalent to multiple cells and many lines of code in a traditional notebook. By contrast, you can import and run a notebooklet in just two lines of code…
We have two exciting features for this release of MSTICpy: a Splunk data provider and data uploaders for Azure Sentinel and Splunk.
We have added support for Splunk to our growing list of Data Providers/Connectors. The feature is built on top of the Splunk SDK for Python with some customization and enhancements.
The provider allows you to connect to a Splunk instance (on-premise or cloud) and query data from Jupyter notebooks and MSTICpy using a pattern similar to our existing data providers. The results of each query are returned as a pandas DataFrame. …
This is mostly a housekeeping release — we needed to do a bit of updating and testing for the new Azure Machine Learning nteract-based notebook environment. This is going to be the default execution environment for Azure Sentinel Notebooks. Read more about nteract and about the Azure ML Notebooks feature.
We’ve introduced a set of friendly exceptions for common configuration-related problems that users might encounter while using msticpy in notebooks. In most cases, the cause is lack of a config item such as an API key or setting. …
This is the account of the Microsoft Threat Intelligence Center (MSTIC).