Msticnb

Latest version: v1.2.3


0.2.1

Fixes

1c3c72b Bug fixes for ipsummary, account summary and host summary

aea7603
- Fix when only one account matched in account_summary.py
- More defensive dictionary access for Azure Data in host_summary.py
- Fixed using IP address rather than string in iptools.py
- Skipping some tests when running in Linux/Mac CI

0.2.0

The second release of Notebooklets has been a long time coming but is finally here.
It includes 3 new notebooklets:
- [Account summary](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/AccountSummary.html) - explore an account (Azure/Office, Windows or Linux):
  logon activity, Azure office activity, alerts, etc.
- [IP Address Summary](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/IpAddressSummary.html) - explore an IP address:
  threat intel, geolocation, whois plus checks for presence of the IP in multiple Azure Sentinel logs.
- [Logon session rarity](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/LogonSessionsRarity.html) -
  uses clustering of processes to estimate the relative unusualness of individual logon sessions.
  Browse the sessions with unusual activity using event timelines or process trees.

This release also adds support for MSTICPy pivot functions: loading the Notebooklets package adds
notebooklet run functions as pivots to the appropriate entity (e.g. Host, Account, IP).

Updates
86c0865 Automated [ReadtheDocs documentation for notebooklets](https://msticnb.readthedocs.io/en/latest/notebooklet_docs/IpAddressSummary.html)
e3bc125 Logon session rarity notebooklet.
58c8e60 Adding print_options function to notebooklet.py
49e05a6
- Add data_viewers.py module for simple event browsing
- Added Pivot initialization to the package __init__.py so that notebooklets are added as pivot functions
- Created local version of convert_to_ip_entities that accepts geoip provider in args. This is used by ti_enrich, host.py, host_logons_summary.py and, indirectly, by ip_summary and network_flow_summary.
- Added map_ips function to ip_tools - generic Folium map for list of IPs
- Change notebooklet_result.py so that it only displays first 5 rows of DF and has explanatory text why not everything is showing.
3d619cb
- Added some utility functions to common.py and notebooklet.py:
  - check_valid_result_data
  - check_table_exists
  - get_methods/list_methods (lists only methods defined on subclasses, not Notebooklet class)
- Split NotebookletResult into separate module notebooklet_result.py
- Added ability to invoke notebooklet functions from results class
- Added alert.py alert browser


Fixes

0.1.0

Features
- Notebooklet infrastructure:
  - Dataproviders (automating load of msticpy providers)
  - Notebooklet and NotebookletResult base classes
  - Notebooklet importer - handling classes and yaml metadata
  - Classdoc - self-documentation of notebooklets
- Notebooklets:
  The initial set of notebooklets is specific to Azure Sentinel
  - HostSummary (Linux and Windows) - basic details about a host from Azure Sentinel and Azure APIs
  - HostLogonsSummary (Linux and Windows) - analysis of logons to the host
  - WinHostEvents (Windows) - analysis of security events on a Windows host (esp. Account management events)
  - NetworkFlowSummary - analysis of network traffic for a specific host/IP address
  - Alert enrichment - additional enrichment (e.g. ThreatIntel) for alert triage
  - AccountSummary (Windows, Linux, Azure AD, Office) - analysis of logon activity for an account.
