Overview

We've finally decided that we're ready to put a 1.0.0 release number
on MSTICPy and move out of the Beta world.

There are three new features in this release and one major update.

Flexible dependencies with pip extras
Settings management and auto-load of components
An experimental SQL to KQL translator
Significant updates to the pivoting library.

New Features

MSTICPY Dependencies - Implementing Extras #128

We've split MSTICPy dependencies into "extras". This means that the
base install of MSTICPy does not install every dependency. Previously,
many rarely-used dependencies were installed regardless of whether
they were going to be used or not.
This is couple with a refactoring of the code so that, should you try
to use functionality that does not have a dependency installed, an informative
exception message is displayed telling you which extra you need to install.

Implemented pip "extras" for msticpy install - drastically reduces
install time for core msticpy.
Refactored many modules to emit informative warning if user tries to load functionality
that requires a different "extra"
Refactored unit tests to work with missing extras.
Added pyperclip to pkg dependencies exceptions.
Added extras documentation to Installing documentation
Added requirements-all.txt - that will always install all dependencies.
Added pre-commit hook to generate requirements-all.txt

MSTICPY config settings management #136

The MSTICPy configuration file has grown to be quite complex. We've tried
to address this by creating some interactive tools to let you create and edit
settings using a simple GUI and creating a notebook that walks you through
creating your settings file for the first time.

MSTICPy itself has a number of initialization/loading steps that you need to carry out
before starting to use it in a notebook. The other part of this feature
is the ability to specify, in settings, what to load at initialization.
Components that can be auto-loaded include: DataProviders, TI Providers,
Notebooklets and Pivot functions. These are specified in the msticpyconfig.yaml
(you can edit these settings with the Settings editor) and auto-loaded
when you run init_notebook() at the start of your notebook.

Flexible UI for configuring MSTICPy settings
User environment configuration for notebooks - lets you specify (in
settings), which providers/modules, etc. that should be loaded automatically.
Added minimal output from nbinit to show imported modules
Added check_version in init_notebook function to indicate if
a new version of MSTICPy has been released.
Added a function to retrieve and show current KV secrets
Updated MSTICPy Configuration documentation
Added MSTICPy Settings Editor documenation
Added MSTICPy Settings notebook
Added documentation diagram
Config editor, auto-load, dependencies and Sql2Kql translator

SQL to KQL Translator #132

Core feature implemented as msticpy.data.sql_to_kql using moz_sql_parser
Support for limited SparkSQL extensions
SQL TO KQL Conversion Documentation
SQLToKql Notebook

Updated Features

Pivot Functions #131

The pivot functionality has been updated with several usability and
documentation improvements. Notable features include:

Pivot browser, letting you browse/search for pivot functions.
Persistent Pipelines - you can save pipelined pivot operations in a
YAML file and run them on input DataFrames

Full list of changes

Made AzureSentinel and MDE the preferred names for LogAnalytics and MDE drivers.
Added pivot_browser UI - pivot_browser.py
Added ability to read pipeline definitions from yaml files - pivot_pipeline.py
Adding pivot.tee_exec pipeline function - in pivot_pd_accessor.py
Add ability to add arbitrary/ad hoc functions as pivots - in pivot.py
Exposing get_timespan function in Pivot class as public function - in pivot.py.
Added DNS entity to several pivot functions - mp_pivot_reg.yaml
Fixed some queries for more consistency.
Pivot data query functions now prefixed with table name.
Added ability for pivot functions to return raw output.
Add joins for pivot data queries in pivot_data_queries.py
Add "print" query debug parameter in data_providers.py
Add find_entity function in entities init.py
Add "pivots" attribute (an alias for get_pivot_list) in entity.py
Add ability to set timespan more flexibly. Calling set_timespan() no longer resets the timespan.
Add PivotBrowser method to Pivot class - in pivot.py
Switched engine to "Python" for pd.read_csv in pivot_magic_core.py to handle more formatting types.
Add positional parameters to pipeline step and cleaned up code in pivot_pipeline.py
Updated PivotFunctions documentation
Updated PivotFunctions Notebook
Added PivotFunctions-Introduction notebook

Miscellaneous Updates and Additions

added SplunkProvider documentation
Updated README and package summary section of MSTICPy to align with current features

Fixes

Updated formatting for new black version
Remove unneeded code from keyvault_client.py
Fixed pivot_register_reader to skip classes that cannot be instantiated (e.g. IPStack if user doesn't have API key)
Additions/corrections to Installing.rst
Correction to FoliumMap.ipynb - removing dropna from read_csv in FoliumMap notebook
Adding vt, vt_graph to Sphinx mock list
Fixed some problems and renamed module locations in notebooks and RST docs.
Some corrections to documentation in AzureSentinel and DataAcquisition docs.
some fixes to tests for test_pkg_imports and import_analyzer.py
fix to config2kv.py to correct some problems
fix for ipwidgets warning about deprecated on_submit() method
multiple fixes for typos and duplicate section names in: DataProviders.rst, UploadData.rst, PivotFunctions.rst
fixed issue in nbinit.py where extra_imports were being lost.
fix for QueryTime in nbwidgets.py - exception if user types invalid value into date field.
fixed several issues in test_mp_release.cmd with messed up folders/current folder.
Bandit warning on use of random.randint()
Removing test "secret" from MPSettingsEditor.ipynb triggering credscan warning

microsoft/msticpy v1.0.0.pre2 Config editor, auto-load, dependencies and Sql2Kql translator on GitHub