MSTICPy 0.8.8 Release

  • VirusTotal API V3 support — with notebook support for viewing and navigating the indicator relationships and the VT Graph.
  • Mordor data provider and browser — to view and import attack data sets directly into your notebook
  • Streamlined Azure authentication — you should only need to authenticate once!
  • Azure Sentinel APIs for retrieving data such as Incidents, Alert rules, bookmarks, etc. from your Azure Sentinel workspace.
  • Partitioned queries — experimental feature allowing you to split very large/complex queries into sequential chunks

VirusTotal V3 API Support

  • Parent processes of malware files.
  • Domains related to the malware.

Query from the VT API bringing back parent sample IDs for a piece of malware.
VT Graph showing relationships of files and domains for a piece of malware.

Mordor data provider and browser

Querying data from Mordor
Querying Mordor data sets from the command line.
MSTICPy Mordor data browser

Streamlined Azure authentication

Azure Sentinel APIs

  • Hunting queries
  • Security Incidents
  • Alert rules

Retrieving hunting queries from the Azure Sentinel API.

Partitioned Queries

  • if your query contains joins, each sub-query will join only on the subset of data within its own time-bounded window.
  • if you do explicit manipulation of time boundaries within your query, this may produce unexpected results.
  • you must be using a pre-defined query (i.e. one of the built-in queries or a query that you have created yourself); it does not work for ad hoc queries. (An ad hoc query means sending a query as a string to the query_provider.exec_query() method.)

qry_prov.WindowsSecurity.list_host_logons(
    start="2020-09-01T00:00:00",
    end="2020-09-30T00:00:00",
    host_name="my_host",
    split_queries_by="1d"
)
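The example below is added here to show the mechanics behind partitioned queries and the join caveat listed above; it is not MSTICPy's own code. It assumes a constructed in-memory event table (EVENTS), a toy "session" query that joins logon to logoff events on logon_id, and an interval syntax of the form "1d"/"12h"/"30m" matching the split_queries_by value in the call above. Running the same query once over the whole range and then as daily chunks shows that a session whose logon and logoff fall in different chunks is silently dropped by the partitioned run.

```python
"""Time-partitioned query simulation (added example, not msticpy code)."""
import re
from datetime import datetime, timedelta
from typing import Callable, Dict, Iterator, List, Tuple

# Constructed sample data (not a real data set): logon/logoff events for one host.
EVENTS: List[Dict] = [
    {"time": "2020-09-01T09:00:00", "type": "logon", "logon_id": "A"},
    {"time": "2020-09-01T17:00:00", "type": "logoff", "logon_id": "A"},
    {"time": "2020-09-02T22:00:00", "type": "logon", "logon_id": "B"},
    {"time": "2020-09-03T02:00:00", "type": "logoff", "logon_id": "B"},  # crosses a day boundary
    {"time": "2020-09-03T08:00:00", "type": "logon", "logon_id": "C"},
    {"time": "2020-09-03T12:00:00", "type": "logoff", "logon_id": "C"},
]

_UNITS = {"m": "minutes", "h": "hours", "d": "days"}


def parse_interval(spec: str) -> timedelta:
    """Parse an interval such as '1d', '12h' or '30m' into a timedelta."""
    match = re.fullmatch(r"(\d+)([mhd])", spec.strip())
    if not match:
        raise ValueError(f"unsupported interval: {spec!r}")
    return timedelta(**{_UNITS[match.group(2)]: int(match.group(1))})


def split_time_range(start: str, end: str, split_by: str) -> Iterator[Tuple[datetime, datetime]]:
    """Yield consecutive [chunk_start, chunk_end) windows covering start..end.

    The last window is clipped to `end`, so ranges that are not a whole
    multiple of the interval are still covered exactly once.
    """
    cur, stop = datetime.fromisoformat(start), datetime.fromisoformat(end)
    step = parse_interval(split_by)
    if step <= timedelta(0):
        raise ValueError("split interval must be positive")
    while cur < stop:
        nxt = min(cur + step, stop)
        yield cur, nxt
        cur = nxt


def session_query(start: str, end: str, events: List[Dict] = EVENTS) -> List[Dict]:
    """Constructed stand-in for a predefined query containing a join.

    Joins logon events to logoff events on logon_id, using only the events
    that fall inside [start, end) - exactly what each partitioned sub-query sees.
    """
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    window = [dict(e, time=datetime.fromisoformat(e["time"])) for e in events]
    window = [e for e in window if lo <= e["time"] < hi]
    logons = {e["logon_id"]: e["time"] for e in window if e["type"] == "logon"}
    return [
        {"logon_id": e["logon_id"], "start": logons[e["logon_id"]], "end": e["time"]}
        for e in window
        if e["type"] == "logoff" and e["logon_id"] in logons
    ]


def run_partitioned(
    query: Callable[[str, str], List[Dict]], start: str, end: str, split_by: str
) -> List[Dict]:
    """Run `query` once per time chunk, sequentially, and concatenate the results."""
    results: List[Dict] = []
    for lo, hi in split_time_range(start, end, split_by):
        results.extend(query(lo.isoformat(), hi.isoformat()))
    return results


def session_ids(sessions: List[Dict]) -> List[str]:
    """Sorted logon_ids of the returned sessions, for easy comparison."""
    return sorted(s["logon_id"] for s in sessions)


if __name__ == "__main__":
    full = session_query("2020-09-01T00:00:00", "2020-09-04T00:00:00")
    parts = run_partitioned(session_query, "2020-09-01T00:00:00", "2020-09-04T00:00:00", "1d")
    print("single query   :", session_ids(full))   # A, B and C
    print("partitioned 1d :", session_ids(parts))  # B is lost: logon and logoff sit in different chunks
```

Session B is the case to watch for: its logon is on 2 September and its logoff on 3 September, so with daily partitions neither chunk contains both sides of the join and the session never appears in the concatenated result. If a query contains a join or a windowed aggregation, compare a partitioned run against an unpartitioned run over a small range before trusting it on a large one.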

Try it out

pip install msticpy
pip install --upgrade msticpy


This is the account of the Microsoft Threat Intelligence Center (MSTIC).
