This release includes:
- Expansion of Azure Data API for retrieving additional data about subscriptions and resources from Azure APIs.
- Time series anomaly detection for arbitrary Kusto data sets, together with visualization of time series charts in Jupyter Notebooks using Bokeh charts.
- Using Key Vault and Python Keyring to store secrets used to authenticate to web data providers. Examples include API keys for Threat Intel and GeoIP providers. Other provider types will be included in a future release.
New Features
- Azure data expansion and documentation
- Keyvault and keyring secrets management with support for multiple Azure clouds
- config2kv.py KV secret update tool
- Timeseries - Bokeh with KQL and documentation
- KQL generic time series decomposition queries
- Bokeh time series visualization
- Added pandas version of get_whois_info, also exposed as a DataFrame accessor function.
- Added cmd script to test PyPI test deployment
- Added Conda package requirements files
- Updated TI providers to provide more consistent output and reduce false positives
- Using text rather than number to express severity
- Made TISeverity class comparable and parsable from string or int
- Added mp_demo_data.py notebook helper to tools.
- SecurityAlert has more flexible recognition of entities
- Added additional dependencies for azure mgmt, keyvault and others.
Fixes
- Fixed get_ip_type ordering to return more accurate IP types
- Fixed entity extraction in SecurityAlert so that nested entities are handled correctly
- Additional test cases