github microsoft/msticpy v2.1.4
Fixes for MS Sentinel API and configuration

2 years ago

Some minor fixes and improvements:

  • MicrosoftSentinel class now connects to the "Default" workspace, or to the workspace name supplied as the workspace
    parameter, when connecting.

        from msticpy.context.azure import MicrosoftSentinel

        sentinel = MicrosoftSentinel()
        sentinel.connect()  # connect to "Default" workspace
        sentinel.connect(workspace="MyWorkspace")   # connect to named workspace

  • Sentinel create_* APIs now return ID of new item (incident, bookmark, analytic, watchlist)
  • init_notebook - now accepts a config parameter to use a custom msticpyconfig.yaml for the notebook session (overrides the environment variable and other defaults)

        import msticpy as mp
        mp.init_notebook(config="~/configs/all_ti_provs.yaml")   # use a custom msticpy config file

  • Sentinel configuration editor no longer throws an exception if named control not found
  • Sentinel TI provider will not attempt lookups if ThreatIntelligenceIndicator table not found in the Sentinel data provider schema
  • Support for Kusto/Azure Data explorer settings in Settings editor
  • Added checked_kwargs decorator to utility/types.py

What's Changed

Full Changelog: v2.1.3...v2.1.4
