msticpy 0.5.1 release

Loading a saved data file directly:

pd.read_csv("myfile.csv")

Loading the same data through a LocalData query provider, with the same query syntax used for live data sources:

alerts_df = qry_prov.SecurityAlert.list_alerts(start=T1, end=T2)

How to Use It

metadata:
  version: 1
  description: Local Data Alert Queries
  data_environments: [LocalData]
  data_families: [SecurityAlert, WindowsSecurity, Network]
  tags: ['alert', 'securityalert', 'process', 'account', 'network']
defaults:
sources:
  list_alerts:
    description: Retrieves list of alerts
    metadata:
      data_families: [SecurityAlert]
    args:
      query: alerts_list.pkl
    parameters:
  list_host_logons:
    description: List logons on host
    metadata:
      data_families: [WindowsSecurity]
    args:
      query: host_logons.csv
    parameters:

from datetime import datetime, timedelta

from msticpy.data import QueryProvider

# Creating a query provider with "LocalData" parameter
# (uses the package's default data and query folders)
qry_prov = QueryProvider("LocalData")

# Or point the provider at your own data files and query definition files
data_path = "./my_data"
query_path = "./myqueries"
qry_prov = QueryProvider("LocalData", data_paths=[data_path], query_paths=[query_path])

# List the queries loaded from the query definition files
qry_prov.list_queries()
# SecurityAlert.list_network_alerts
# WindowsSecurity.list_host_logons

# Query time range (T1 and T2 are datetime values; placeholders in the original)
T2 = datetime.utcnow()
T1 = T2 - timedelta(days=1)
alerts_df = qry_prov.SecurityAlert.list_alerts(start=T1, end=T2)
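The query definitions above map a query name to a file name (alerts_list.pkl, host_logons.csv) that is looked up in the configured data_paths. Two things a practitioner will want to check before sharing such a setup: that every file a query points at actually exists in one of the data paths, and that .pkl files are only loaded from a location you control, because unpickling executes whatever code the file contains. The following is an added example, not msticpy's own code: a standard-library stand-in that mirrors the lookup (query name to file name to data path; the resolution behaviour is an assumption about the provider, not something the release note spells out), reports missing files, loads CSV with the csv module, and refuses .pkl files outside an explicit trusted directory. The sample data it creates, the QUERY_DEFS dict, and all function names are constructed for this example.

```python
"""Stand-in for LocalData query-to-file resolution with a safe loader (example only)."""
import csv
import os
import pickle
import tempfile
from typing import Dict, List, Optional

# Constructed stand-in for the 'sources' section of the query YAML above:
# query name -> data family and the file the provider would load for it.
QUERY_DEFS: Dict[str, Dict[str, str]] = {
    "list_alerts": {"data_family": "SecurityAlert", "query": "alerts_list.pkl"},
    "list_host_logons": {"data_family": "WindowsSecurity", "query": "host_logons.csv"},
}


def resolve_data_file(file_name: str, data_paths: List[str]) -> Optional[str]:
    """Return the first data_paths entry containing file_name, or None.

    The 'query' value must be a bare file name: a value such as
    '../../etc/passwd' in a shared query YAML would otherwise reach
    outside the configured data directories.
    """
    if os.path.basename(file_name) != file_name or file_name in ("", ".", ".."):
        raise ValueError(f"query file must be a bare file name: {file_name!r}")
    for base in data_paths:
        candidate = os.path.join(base, file_name)
        if os.path.isfile(candidate):
            return candidate
    return None


def check_query_files(query_defs: Dict[str, Dict[str, str]],
                      data_paths: List[str]) -> Dict[str, Optional[str]]:
    """Map every query name to its resolved data file (None = missing)."""
    return {name: resolve_data_file(qdef["query"], data_paths)
            for name, qdef in query_defs.items()}


def load_data_file(path: str, allow_pickle: bool = False) -> List[dict]:
    """Load a CSV as a list of row dicts, or a pickle only when explicitly allowed."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".csv":
        with open(path, newline="", encoding="utf-8") as fh:
            return list(csv.DictReader(fh))
    if ext == ".pkl":
        # pickle.load runs arbitrary code embedded in the file. Only load
        # .pkl files you produced yourself, never ones dropped into a shared path.
        if not allow_pickle:
            raise PermissionError(f"refusing to unpickle untrusted file {path}")
        with open(path, "rb") as fh:
            return pickle.load(fh)
    raise ValueError(f"unsupported data file type: {ext!r}")


def make_sample_data_dir() -> str:
    """Create a temp directory holding constructed sample files for both queries."""
    data_dir = tempfile.mkdtemp(prefix="localdata_example_")
    csv_path = os.path.join(data_dir, "host_logons.csv")
    with open(csv_path, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(["TimeGenerated", "Account", "LogonType", "Computer"])
        writer.writerow(["2019-10-01T08:12:03Z", "CONTOSO\\alice", "10", "WKS01"])
        writer.writerow(["2019-10-01T08:15:44Z", "CONTOSO\\svc_backup", "3", "WKS01"])
    alerts = [{"AlertName": "Suspicious process executed",
               "Severity": "Medium", "Computer": "WKS01"}]
    with open(os.path.join(data_dir, "alerts_list.pkl"), "wb") as fh:
        pickle.dump(alerts, fh)
    return data_dir


def run_queries(data_paths: List[str], trusted_pickle_dirs: List[str]) -> Dict[str, object]:
    """Resolve and load every query; value is the rows, or an error string."""
    trusted = {os.path.abspath(d) for d in trusted_pickle_dirs}
    results: Dict[str, object] = {}
    for name, path in check_query_files(QUERY_DEFS, data_paths).items():
        if path is None:
            results[name] = "missing data file"
            continue
        in_trusted_dir = os.path.dirname(os.path.abspath(path)) in trusted
        try:
            results[name] = load_data_file(path, allow_pickle=in_trusted_dir)
        except PermissionError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    sample_dir = make_sample_data_dir()
    # With no trusted pickle directory the .pkl-backed query is refused,
    # while the CSV-backed query loads normally.
    for query_name, result in run_queries([sample_dir], trusted_pickle_dirs=[]).items():
        print(query_name, "->", result)
```

Run it with no trusted pickle directories and list_alerts is refused while list_host_logons returns its two rows; pass the sample directory as trusted and the pickle loads. The same check is worth running over a real data_paths list before handing a LocalData setup to other analysts, so that a stale file name in the YAML shows up as "missing data file" rather than as a failing query later.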

This is the account of the Microsoft Threat Intelligence Center (MSTIC).