This minor release includes some major updates to the pivot functions.
It also includes the addition of the [Greynoise Community API](https://greynoise.io/)
to our set of Threat Intel providers. Also
**Warning** - this includes some potentially breaking changes since we have
renamed a number of pivot functions to have shorter, friendlier names.
In particular a number of Azure Sentinel query functions have shortened names.
Updates
**Pivot phase 3** with better joins, more pd accessor functions and short/friendly aliases for
pivot functions (especially queries) 140
- Added short names for many queries
- Adding shortcut functions to entities - these allow you to create links from pivot functions in containers
e.g. IpAddress.whois() -> IpAddress.util.whois()
The shortcut methods have the advantage of being easier to see and type in. They
have the further benefit of working as instance methods. So, given an an instance you
can do this:
python
my_ip = IpAddress(Address="157.23.49.1")
my_ip.whois()
previously you'd have to do IpAddress.util.whois(my_ip) - this still works
- Standard pivot functions now also support joins (previously these were implemented only for Data query and TI functions)
- joins now support `join_ignore_case` parameter to [join case-insensitively](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#joining-input-to-output-data)
- Added [PD accessors](https://msticpy.readthedocs.io/en/latest/data_analysis/PivotFunctions.html#a-pandas-processing-pipeline-with-pivot-functions) for:
- `filter_cols` - column filtering with patterns or lists of columns
- `filter` - string or regex will match against all columns (can also match on partial numbers with the `numeric_col=True` option)
- `sort` - sort on one or more columns or a pattern to match columns
- `list_to_rows` - expand embedded lists in one or more cols to rows
- `parse_json` - turn JSON strings in column into Python objects
- Updates to Pivot docs and notebooks for new pivot behavior
- Added remove_pivot_funcs method to pivot.pivot.py + unit test in test_pivot
Implemented **Greynoise API** as TI Provider
- [Greynoise Community API](https://greynoise.io/)
- [TI Docs](https://msticpy.readthedocs.io/en/latest/data_acquisition/TIProviders.html)
Entities
- Added additional entities from schema: iot_device, mail_cluster, mail_message, mailbox, submission_mail
- Adding str and repr to Edge in entity_graph.py
- Adding (not yet used) graph_property.py to handle automatic creation of edges
Other updates
- Added tilookup functions to allow enabling/disabling individual providers
- Add better timestamp conversion in vtlookup3.py.
- Added check for attribute name similarity in query_container - if trying to access an attribute that doesn't exist it will return likely matches in the exception
- Extracted dup code from pivot_data_queries to pivot_register.
- Updating [blog articles](https://msticpy.readthedocs.io/en/latest/blog_articles.html) links in docs with recent publications
- Capturing output from load_user_defaults in nbinit.py to display as HTML
- Adding find_anomaly_periods function and shorter alias for timeseries_anomalies_stl in timeseries.py
Fixes
- Fixed a problem with logon failure query parameters.
- Minor corrections to queries in kql_sent_az_network and kql_sent_azure
- Fixing path handling in file.py entity
- Fixing test in test_pivot_pd_accessor for renamed parameter.
- Updating notebooks for some pivot function renaming.
- Fix spelling errors in SettingsEditor.rst
- Remove unnecessary list comprehension in test_security_alert.py
- Add tests for list_to_rows and parse_json in pivot_pd_accessor.py - test_pivot_pd_accessor.py
- Fixed some errors in entities with description_str and identity fields
- Add missing FullName property to Host
- Fixed exception in IpAddress
- Fixing some test errors in test_mordor_driver (due to test file race conditions)
- Removing duplicate mp_config file
- Correcting problem with passing namespace argument to notebooklets in user_config.py
- Fixes to analyze_imports.py and import_analyzer.py that prevented use from commandline and use with other packages.
- Fix to list_to_rows pd accessor in pivot_pd_accessor.
- Changed timeline.py so that it doesn't error when no source_columns are supplied
- Fixing bug in calculating period in timespan.py
- Cosmetic fixes in eventcluster.py
- Fixing an issue in ti_browser if passed an empty dataframe.
- Updating requirements files for updated versions of lxml and aiohttp for security issues.