Msticpy

Latest version: v2.14.0

Page 12 of 15

0.8.0

New Features
- 90 - new gettext and option button widgets.
- Registered widgets - some widgets (GetText and QueryTimes) now have a "memory" - so if used in Jupyter notebooks and you accidentally re-run the cell they will revert to their last settings rather than the defaults.
- Registered widgets can also accept notebook parameters from papermill
- Added query_browser module
- Added method to tilookup and data_providers modules to access respective browser widgets.
- 93 Added class diagrams for DataProviders, TIProviders and Secrets sub-packages.
- 94 - Added function to extract anomalous time ranges from time series anomaly results
- Added functions to obfuscate/hash data to protect PII
- 96 kql query failure and nbinit notebook initialization now have friendly errors
- Updated data queries list

Fixes
- 90 Splunk and data_providers fixes
- Tooltip formatting fix for datetimes in timeline and timeseries Bokeh tools
- 92 - Fixes for deprecated networkx API
- 93 Error in pkg_config validate when no config sections are populated.
- 95 - Removed redundant typing library from requirements
- 96 - Miscellaneous linter and spelling fixes
- Error in pkg_config validate when no config sections are populated.
- Updated Splunk queries to use datetime type for parameters.
- Adding some extra checks for null entries in msticpyconfig in pkg_config
- Making nbinit skip but report any exceptions while validating msticpyconfig
- Change dataproviders to use custom paths outside of the package
- Fix to entity entityschema
- Fix to kql_driver to handle running if not in IPython.
- Add version param to test-pypi-test-pkg.cmd help.
- Unit test for query_browser.
- Formatting using updated black v20
- Fixing conda-reqs-pip.txt requirements
- Updating msal req to ~=1.0.0
- Fixing mypy errors, incorrect annotation in query_source
- Fixing time format bug in timeline
- 3fc07e7 timeformat re-ordering
- 9d20842 updated requirements for dateutil bug-fixes

0.7.1

Not secure
Maintenance release to fix import errors caused by incorrect package dependency versions.
Also includes minor documentation updates.

0.7.0

Not secure
The main features of this release are a data provider for Splunk and data uploaders for Azure Sentinel and Splunk. The Splunk provider uses the Splunk SDK and makes it easy to use msticpy functionality with results from Splunk queries.

The data uploaders let you upload results or additional data to either Azure Sentinel or Splunk.

New Features
Splunk connector (81)
- Authentication and initialization unified with existing data providers
- Parameterized template queries runnable from data provider class
- Retrieve and display saved searches as part of the available query set
- Splunk provider documentation notebook

Data Uploaders (87)
- uploaders from pandas DataFrame, CSV/delimited file and folder
- upload to Azure Sentinel or Splunk
- documentation notebook and read-the-docs page

Data providers (81)
- fc046a5 Added support for populating dynamic query set at connect time (after connect)
- Added populating queries with SavedSearches in splunk_driver
- Added provider specific formatting for parameters (e.g. how a given query language expects a list of items or a datetime to be formatted)
- Support for fully hierarchical query list (to help organize queries into categories, subcategories, etc.)

4bbf785 Blackhat Demo Notebook

Fixes
87dab39 Adding unit tests for kql and splunk drivers (latter has a failure)
7123511 Bug in data_providers and param_extractor
e2ea5c6 Fix for tooltip formatting for timeline charts
2a5a734 Error in pkg_config validate when no config sections are populated.

0.6.2

Not secure
New Features
- Threat Intelligence results browser widget (84)

Fixes
805d71d Error in pkg_config validate when no config sections are populated. (85)
860f7a4 Fixing URLs in exception help links
f92ef4d update SelectAlert
1a72495 Fixing mypy error in wsconfig
Fixing odd test break in ti_providers (didn't have default msticpyconfig in current directory)
Removing redundant test in test_nb_tools
Fixing bug in unit_test_lib - setting ENV VAR to "" instead of removing it.
a031c2a Incorrect capitalization in Readme
c6468aa Left in an unwanted cell from testing
d8098ee Test error in EventClustering notebook
1c14a12 Fixing timestamp Timezone issue in process_tree_utils and eventcluster
a08a348 Added User exception to Browshot
Added exception handling to ip_utils.def_whois_info
Fixed Output widgets where action function returns single dataframe
Fixed syslog_utils.cluster_syslog_logons_df so that it uses only source data to generate datetime objects - this should avoid TypeErrors from pandas when comparing datetimes where one dt has TZ info and the other doesn't. As long as the source is consistent this should avoid this error.
4f73b44 Making pkginstall and notebook init errors more friendly
1dafc1f Fixed problem with test cases not being able to do absolute imports of msticpy modules (deleting rogue __init__.py at root of package)
Updating Readme to make images clearer.
Add check_version to root __init__.py to check version against latest on PyPI
Also added check version code to tools.
Minor change to nbinit._check_config() to make testing easier.
8bbf417 Prevent default output from queries (Kqlmagic post 0.1.111)
8eff722 Fix for the problem with pandas datetime representation - you cannot compare timezone-aware and timezone-naive dates. Redoing logic so that the code only uses timezone awareness state from data values. This should work as long as *all* or *none* of the data sets have timezone info.

0.6.1

Not secure
Maintenance release to fix some package version conflicts.

0.6.0

Not secure
Mostly a housekeeping release.
We've introduced a set of friendly exceptions for common configuration-related problems that users might encounter while using msticpy in notebooks. In most cases, the cause is lack of a config item such as an API key or setting. Hitting one of these exceptions gives you a few lines of explanatory text plus links to documentation on readthedocs to help you fix it. In most cases the traceback is irrelevant so this is not shown for these exception types (although this can be re-enabled).

We've added some new capabilities, such as being able to use our time series analysis module on any time-stamped log data. We've also done a lot of documentation additions/improvements - for Anomalous Sequence, TimeSeries and msticpy configuration plus miscellaneous freshening and improving.

A lot of the other work is related to compatibility with nteract environment in Azure Machine Learning - this will soon be the default notebook environment for Azure Sentinel.

New Features
- Friendly exceptions and exception framework for notebooks 73
- Replaced the use of the ipywidgets Output widget with IPython updatable display() objects. nteract/AML compat. 71
- Added timeseries decomposition (using Statsmodel STL) so that you can do time series analysis on any data 69
(previously we relied on Kql/Azure Sentinel to do the decomposition/analysis part). Documentation and notebook added
- Update to Anomalous Sequence modules
- Added modellable_params argument in model classes - this can be used to override the default of using rough heuristics to
decide which params have modellable values, and instead, manually specify the parameters. 65
- Added sample notebook and RST/ReadtheDocs documentation for Anomalous Sequence.
- Added check_version() function that will check the current version against latest on PyPI

    import msticpy
    msticpy.check_version()

- Relaxing some version requirements in setup.py/requirements.txt to match AzureNotebooks resulting in quicker install 68
- Updated display of logon details in nbdisplay
- Updated README to add missing details, correct some things and add a few more images.
- Added documentation for Azure Sentinel configuration for notebooks - how to use the various config files.
- Updated a lot of the introductory sections to readthedocs to bring up-to-date and align with README
- Replace some badly-formatted tables in readthedocs docs
- Added analysis subpackage to docs so that Anomaly Sequence and TimeSeries module/API docs appear in the API doc tree
(readthedocs)
- Adding new queries for Notebooklets project 67

Fixes
- Some fixes to comp_reqs.py test tool to show missing packages and handle version comparison operators.
- New release of pandas/numpy surfaced a bug where we were doing datetime comparisons between timezone
naive and timezone-aware datetimes - fixed in timeline, processtree and eventcluster.
- New behavior in Kqlmagic (> 0.1.111) causes queries in the middle of a cell to output by default. Added workaround
to suppress this.
- Rogue __init__.py in root of repo (had been there forever) was preventing test cases using absolute imports of tested
modules. Removed the offending file and updated all tests to use absolute imports.
- Seems that we'd been inadvertently (at some point) including test files in our setuptools/PyPI package - these should
now be gone.
- Fixed an issue with GeoIPLite (maxmind) database download and cleaned up logic.
- Added better exception handling in nbinit
- Making pkginstall and notebook init errors more friendly
- Removing some deprecated terms.
- Fixing timestamp Timezone issue in process_tree_utils, eventcluster, process_tree and syslog_utils.cluster_syslog_logons_df
- Fixing/constraining some azure dependencies for Sphinx 68
- Fix for schema property in kql_driver 70
