Msticnb

Latest version: v1.2.0


1.0.1

This release contains several fixes and enhancements to individual notebooklets.
It also adds a function that generates a template notebooklet, so you can build your own notebooklets and import them into the package:

```python
import msticnb as nb

nb.create_template(nb_name="MyNotebooklet", folder="mynotebooklet")
```

What's Changed
* Updated and fixed host notebooks by petebryan in https://github.com/microsoft/msticnb/pull/35
* Fix import custom Nblts and added create_template by ianhelle in https://github.com/microsoft/msticnb/pull/34
* Fixed Linting Issues by petebryan in https://github.com/microsoft/msticnb/pull/36


**Full Changelog**: https://github.com/microsoft/msticnb/compare/v1.0.0...v1.1.0

1.0.0

631a57d Fixing docstring in ip_summary
d330b22
- Better formatting of options in help - added options doc string to notebooklet init.
- Refactored large __init__ function in notebooklet
419cce1 Fixing tests that depend on GeoLiteLookup - replace with mock class. Temporary workaround for convert_to_ip_entities in host.py
1d2cf20 Update azure-pipelines.yml for Azure Pipelines. Add maxmind auth key
256f6ec Fixing setup.py to read from requirements.txt
e2e48e6 Update azure-pipelines.yml for Azure Pipelines. Add install of pytest-check
0a88c16 Some test and linter fixes
3d619cb
- Fixes/regularization to host.host.py and iptools.py. Added VPS lookup
- Added several test data sets such as azure_activity_df, az_net_df (interface), vmcomputer_df, host_hb_df
- Added mock classes for TILookup and GeoIP for testing
- Switched several test modules to native pytest format.
184a2af
- Update to add extra method to notebooklet base class for wrapped run method
- Some fixes due to pandas TZ-specific changes and some of the test data.
- Removed TimeSpan from common.py - now imported from msticpy.
029753e Add pivot support for notebooklets run method.
ee1125e
- Update to add extra method to notebooklet base class for wrapped run method
- Some fixes due to pandas TZ-specific changes and some of the test data.
- Removed TimeStamp from common.py - now imported from msticpy.
159d63f Create CONTRIBUTING.md
617ce20 Changing image sizes in readme. Spelling corrections
99a3441 Documentation addition and update to README.md
906da10 Update README.md. Added link to the notebook and introductory text.

0.2.3

5ce81a0 Reverting change to calling SelectAlert since it fails on MSTICPy 1.4.5 and earlier
d06e23d Fixing error caused by msticpy bug in ti_enrich
4bdf7b6 Fixing test breaks in ti_enrich.py and account_summary.py. Adding additional McCabe suppressions to deal with diff versions (sometimes McCabe IDs the start of decorated function as the decorator line; in newer versions, it uses the def line)
34af0da Addressing McCabe and Prospector warnings
bdae992 Fix failing test in test_metadata.py
79c8ae8 Linting errors
e10a429 Updating azure-pipelines to python 3.8. Type hints in data_providers
a124c8f Removing azure_data requirement from host_summary notebooklet for test
bb908cd Merge pull request 20 from microsoft/pebryan/2021-7-2MinorFixes. Minor fixes to account and ip nblts
9b2b549 Minor fixes to account and ip nblts
cc391c9 Updating version

0.2.1

Fixes

1c3c72b Bug fixes for ipsummary, account summary and host summary
aea7603
- Fix when only one account matched in account_summary.py
- More defensive dictionary access for Azure Data in host_summary.py
- Fixed using IP address rather than string in iptools.py
- Skipping some tests when running in Linux/Mac CI

0.2.0

The second release of Notebooklets has been a long time coming, but it is finally here.
It includes 3 new notebooklets:
- [Account summary](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/AccountSummary.html) - explore an account (Azure/Office, Windows or Linux):
  logon activity, Azure/Office activity, alerts, etc.
- [IP Address Summary](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/IpAddressSummary.html) - explore an IP address:
  threat intel, geolocation and whois, plus checks for the presence of the IP in multiple Azure Sentinel logs.
- [Logon session rarity](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/LogonSessionsRarity.html) -
  uses clustering of processes to estimate the relative unusualness of individual logon sessions.
  Browse the sessions with unusual activity using event timelines or process trees.

This release also adds support for MSTICPy pivot functions: loading the Notebooklets package adds
the notebooklet run functions as pivots on the appropriate entity (e.g. Host, Account, IP).

Updates

86c0865 Automated [ReadtheDocs documentation for notebooklets](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/IpAddressSummary.html)
e3bc125 Logon session rarity notebooklet.
58c8e60 Adding print_options function to notebooklet.py
49e05a6
- Add data_viewers.py module for simple event browsing
- Added Pivot initialization to the package __init__.py so that notebooklets are added as pivot functions
- Created local version of convert_to_ip_entities that accepts geoip provider in args. This is used by ti_enrich, host.py, host_logons_summary.py and, indirectly, by ip_summary and network_flow_summary.
- Added map_ips function to ip_tools - generic Folium map for list of IPs
- Change notebooklet_result.py so that it only displays first 5 rows of DF and has explanatory text why not everything is showing.
3d619cb
- Added some utility functions to common.py and notebooklet.py
  - check_valid_result_data
  - check_table_exists
  - get_methods/list_methods (lists only methods defined on subclasses, not Notebooklet class)
- Split NotebooketResult into separate module notebooklet_result.py
- Added ability to invoke notebooklet functions from results class
- Added alert.py alert browser


Fixes

0.1.0

Features
- Notebooklet infrastructure:
  - Dataproviders (automating load of msticpy providers)
  - Notebooklet and NotebookletResult base classes
  - Notebooklet importer - handling classes and yaml metadata
  - Classdoc - self-documentation of notebooklets
- Notebooklets (the initial set of notebooklets is specific to Azure Sentinel):
  - HostSummary (Linux and Windows) - basic details about a host from Azure Sentinel and Azure APIs
  - HostLogonsSummary (Linux and Windows) - analysis of logons to the host
  - WinHostEvents (Windows) - analysis of security events on a Windows host (esp. account management events)
  - NetworkFlowSummary - analysis of network traffic for a specific host/IP address
  - Alert enrichment - additional enrichment (e.g. ThreatIntel) for alert triage
  - AccountSummary (Windows, Linux, Azure AD, Office) - analysis of logon activity for an account.
