Msticpy

Latest version: v2.16.0

Page 13 of 16

0.6.1

Not secure
Maintenance release to fix some package version conflicts.

0.6.0

Not secure
Mostly housekeeping release.
We've introduced a set of friendly exceptions for common configuration-related problems that users might encounter while using msticpy in notebooks. In most cases, the cause is lack of a config item such as an API key or setting. Hitting one of these exceptions gives you a few lines of explanatory text plus links to documentation on readthedocs to help you fix it. In most cases the traceback is irrelevant so this is not shown for these exception types (although this can be re-enabled).

This release adds some new capabilities, such as being able to use our time series analysis module on any time-stamped log data. We've also made a lot of documentation additions and improvements for Anomalous Sequence, TimeSeries and msticpy configuration, plus miscellaneous freshening and improving.

A lot of the other work is related to compatibility with the nteract environment in Azure Machine Learning, which will soon be the default notebook environment for Azure Sentinel.

New Features
- Friendly exceptions and exception framework for notebooks 73
- Replaced the use of the ipywidgets Output widget with IPython updatable display() objects. nteract/AML compat. 71
- Added timeseries decomposition (using statsmodels STL) so that you can do time series analysis on any data (previously we relied on Kql/Azure Sentinel to do the decomposition/analysis part). Documentation and notebook added 69
- Update to Anomalous Sequence modules
  - Added modellable_params argument in model classes - this can be used to override the default of using rough heuristics to decide which params have modellable values, and instead, manually specify the parameters. 65
  - Added sample notebook and RST/ReadtheDocs documentation for Anomalous Sequence.
- Added check_version() function that will check the current version against the latest on PyPI

      import msticpy
      msticpy.check_version()

- Relaxing some version requirements in setup.py/requirements.txt to match AzureNotebooks resulting in quicker install 68
- Updated display of logon details in nbdisplay
- Updated README to add missing details, correct some things and add a few more images.
- Added documentation for Azure Sentinel configuration for notebooks - how to use the various config files.
- Updated a lot of the introductory sections to readthedocs to bring up-to-date and align with README
- Replace some badly-formatted tables in readthedocs docs
- Added analysis subpackage to docs so that Anomaly Sequence and TimeSeries module/API docs appear in the API doc tree (readthedocs)
- Adding new queries for Notebooklets project 67

Fixes
- Some fixes to comp_reqs.py test tool to show missing packages and handle version comparison operators.
- New release of pandas/numpy surfaced a bug where we were doing datetime comparisons between timezone-naive and timezone-aware datetimes - fixed in timeline, processtree and eventcluster.
- New behavior in Kqlmagic (> 0.1.111) causes queries in the middle of a cell to output by default. Added workaround to suppress this.
- Rogue __init__.py in root of repo (had been there forever) was preventing test cases using absolute imports of tested modules. Removed the offending file and updated all tests to use absolute imports.
- Seems that we'd been inadvertently (at some point) including test files in our setuptools/PyPI package - these should now be gone.
- Fixed an issue with GeoIPLite (maxmind) database download and cleaned up logic.
- Added better exception handling in nbinit
- Making pkginstall and notebook init errors more friendly
- Removing some deprecated terms.
- Fixing timestamp Timezone issue in process_tree_utils, eventcluster, process_tree and syslog_utils.cluster_syslog_logons_df
- Fixing/constraining some azure dependencies for Sphinx 68
- Fix for schema property in kql_driver 70
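
The timezone fixes listed above address a failure mode that matters for any log timeline: ordering a timezone-naive timestamp against a timezone-aware one raises an error. The following is an added example, not msticpy's own code; it uses only the standard library `datetime` module rather than pandas, the function names and sample events are constructed for illustration, and naive timestamps are assumed to be UTC.

```python
from datetime import datetime, timedelta, timezone


def naive_aware_comparison_fails(a, b):
    """Return True if ordering a against b raises TypeError (naive/aware mix)."""
    try:
        a < b
    except TypeError:
        return True
    return False


def to_utc(ts, assume_tz=timezone.utc):
    """Return ts as an aware UTC datetime.

    A naive value carries no offset, so one has to be assumed (assume_tz).
    """
    if ts.tzinfo is None or ts.tzinfo.utcoffset(ts) is None:
        ts = ts.replace(tzinfo=assume_tz)
    return ts.astimezone(timezone.utc)


def events_in_window(events, start, end, time_col="TimeGenerated"):
    """Keep events inside [start, end] after normalizing every timestamp."""
    start, end = to_utc(start), to_utc(end)
    return [e for e in events if start <= to_utc(e[time_col]) <= end]


# Constructed sample events (not real log data): one naive timestamp,
# one with a +02:00 offset, and one already in UTC.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeGenerated": datetime(2020, 3, 1, 10, 0)},
    {"EventID": 4625, "TimeGenerated": datetime(
        2020, 3, 1, 12, 30, tzinfo=timezone(timedelta(hours=2)))},
    {"EventID": 4688, "TimeGenerated": datetime(
        2020, 3, 1, 11, 15, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    start = datetime(2020, 3, 1, 10, 15)                     # naive bound
    end = datetime(2020, 3, 1, 11, 0, tzinfo=timezone.utc)   # aware bound
    print(naive_aware_comparison_fails(start, end))
    print([e["EventID"] for e in events_in_window(SAMPLE_EVENTS, start, end)])
```

The event stamped 12:30 at +02:00 is the only one inside the 10:15 to 11:00 UTC window, which a comparison on wall-clock values alone would miss.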

0.5.1

Not secure
New Features
- db86480:
  - LocalDataDriver for using CSV and pickled DF files as a QueryProvider (64). This is primarily for demonstration and test purposes where you do not have access to online data sources. It replicates the functionality of QueryProvider, allowing drop-in replacement in existing notebooks.
  - Updated DataQueries.rst ReadtheDocs page with new queries
  - Add documentation for LocalDataDriver to DataProviders.rst and updated section on creating query files.
- 66a66d2:
  - Checked in notebook to create DataQueries.rst
  - Added "AzureSentinel" alias for LogAnalytics DataEnvironment

Breaking Changes
- db86480:
  - Removed deprecated kql.py, query_builtin_queries, query_mgr.py, query_schema.py
  - Changed location of query_defns.py and made pkg reference updates in several modules and notebooks.
  - Some fixes to support local_data_driver in query_store.py, driver_base.py and data_providers.py
  - Unit test - test_localdata_queries.yaml and supporting data and query files.
  - Fixed test in test_utils.py to work on Linux
  - Reduced warnings produced during pytest run to something more reasonable (mainly by removing deprecated code)
- 8a32ad5:
  - Changed tilookup and kql_base/kql_driver so that handling failure to load is a bit friendlier. E.g. running TILookup in a non-IPython environment (with ASTI provider) will now just cause a warning, not an exception.
  - kql_driver.py also updated to check for get_ipython() returning None and output a friendlier message.
  - Changed driver_base.py and derived class to take additional QuerySource parameter for query() method - not yet used but required so that we can implement driver-specific checks on query parameters.

0.5.0

Not secure
This release includes:

Anomaly sequence analysis and visualization using Markov chain karishma-dixit
Morph Chart visualization of log events petebryan

(originally released as v0.4.1 but updated to v0.5.0)

New Features

- Anomalous sequences (60): Markov Chain anomaly analysis for sequences of commands/patterns in a session
- Morph Charts visualization - 3D visualization of event data using experimental Morph Charts exploration (58)
- nbinit: a neater and more robust startup/setup function for Jupyter notebooks handling package installs, imports and option setting (62)
- Azure Sentinel Queries
  - Added two Logon fail queries for Linux (62)
  - Add Linux logons for host
- Added msticpy.common.pkg_config.validate_config() to validate current config or external config file (62)

Fixes

- f78a29e:
  - Change return type for bokeh graphs to return whole layout
  - Improved geoip error messages when API key is missing
  - Fixing bug in pkg_config if no workspaces are defined (empty workspaces key)
- 31cb17f: Added context manager to temporarily set msticpyconfig to another path and auto-revert settings afterwards.
- 827477b: make titles consistent on the widgets page (59)
- 7964b5f: Fix to utility.py - check_and_install_missing_packages to allow package version to be specified.
- f793d55:
  - Updated pkg_config to allow AzureCLI and AzureSentinel sections to use Key Vault protection of the keys and use of Env Vars, etc.
  - Timeline - fixed Tooltip representation of Timestamps for different representations of numpy's types
  - Fixed an error in test-pypi-test-pkg.cmd
- 3e42e42: Doc fix and OutOfBoundsDatetime catch
- efc3d69: OTX TI Provider fixes to encode URL IoC prior to submitting (55)
- 0ad166a: fixing headings in rst docs for timeseries
- 606fc8f: Fixing broken Readthedocs link (53)
- 4810e1f: Fixing some documentation omissions/errors (52)
- 43bbd3c: Updating pylintrc to change limits for some checks.
- f50eec2: Notebooklet queries and timeline hide option
- 13c3f3f: Flake8 error with unknown "QuerySource" (63)
- 9921352: Adding pkgs to conda-reqs-pip.txt. Removing Python 3.7 version setting from pre-commit
- 921370c: (63)
  - requirements.txt and setup.py changes to avoid version conflicts (causing sphinx to fail); updated version to 5.0
- c900386: Fixed issue causing test failure (63)
- 5c9db2d: Adding get_all_entities feature used in Alerts Notebook (63)

0.4.1

This release includes:

Anomaly sequence analysis and visualization using Markov chain karishma-dixit
Morph Chart visualization of log events petebryan

New Features

- Anomalous sequences: Markov Chain anomaly analysis for sequences of commands/patterns in a session
- Morph Charts visualization - 3D visualization of event data using experimental Morph Charts exploration
- nbinit: a neater and more robust startup/setup function for Jupyter notebooks handling package installs, imports and option setting
- Azure Sentinel Queries
  - Added two Logon fail queries for Linux
  - Add Linux logons for host
- Added msticpy.common.pkg_config.validate_config() to validate current config or external config file

Fixes

- f78a29e:
  - Change return type for bokeh graphs to return whole layout
  - Improved geoip error messages when API key is missing
  - Fixing bug in pkg_config if no workspaces are defined (empty workspaces key)
- 31cb17f: Added context manager to temporarily set msticpyconfig to another path and auto-revert settings afterwards.
- 827477b: make titles consistent on the widgets page (59)
- 7964b5f: Fix to utility.py - check_and_install_missing_packages to allow package version to be specified.
- f793d55:
  - Updated pkg_config to allow AzureCLI and AzureSentinel sections to use Key Vault protection of the keys and use of Env Vars, etc.
  - Timeline - fixed Tooltip representation of Timestamps for different representations of numpy's types
  - Fixed an error in test-pypi-test-pkg.cmd
- 3e42e42: Doc fix and OutOfBoundsDatetime catch
- efc3d69: OTX TI Provider fixes to encode URL IoC prior to submitting
- 0ad166a: fixing headings in rst docs for timeseries
- 606fc8f: Fixing broken Readthedocs link (53)
- 4810e1f: Fixing some documentation omissions/errors (52)
- 43bbd3c: Updating pylintrc to change limits for some checks.
- f50eec2: Notebooklet queries and timeline hide option

0.4.0

Not secure
This release includes:

- Expansion of Azure Data API for retrieving additional data about subscriptions and resources from Azure APIs.
- Time Series anomaly detection for arbitrary Kusto data sets together with visualization of time series charts in Jupyter Notebooks using Bokeh Charts.
- Using KeyVault and Python Keyring to store secrets used to authenticate to web data providers. Examples include API keys for Threat Intel and Geo IP Providers. Other provider types will be included in a future release.

New Features
- Azure data expansion and documentation
- Keyvault and keyring secrets management with support for multiple Azure clouds
  - config2kv.py KV secret update tool
- Timeseries - Bokeh with KQL and documentation
  - KQL generic time series decomposition queries
  - Bokeh time series visualization
- Added pandas version of get_whois_info and added as DataFrame accessor function.
- Added cmd script to test PyPI test deployment
- Added Conda package requirements files
- Updated TI providers to provide more consistent output and reduce false positives
  - Using text rather than number to express severity
  - Made TISeverity class comparable and parsable from string or int
- Added mp_demo_data.py notebook helper to tools.
- SecurityAlert has more flexible recognition of entities
- Added additional dependencies for azure mgmt, keyvault and others.

Fixes
- Fixed get_ip_type ordering to return more accurate IP types
- Fix entity extraction in SecurityAlert to allow nested entities to work correctly
- Additional test cases

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.