Prisma Cloud Driver
This pull request adds support for integrating Prisma Cloud into MSTICPy. By including a dedicated PrismaCloudDriver, the goal is to enable querying and analyzing data from Prisma Cloud’s APIs within MSTICPy’s data analysis framework.
The Prisma Cloud Driver, developed by Palo Alto Networks, integrates MSTICPy with Prisma Cloud’s security platform. It enables seamless authentication, querying, and data retrieval from Prisma Cloud’s assets, configurations, and events. By incorporating this driver, MSTICPy users gain streamlined access to cloud security data, allowing them to perform in-depth threat analysis, compliance checks, and security investigations directly within their existing data analysis workflows.
Big thanks to @raj-axe for this.
Cyberint TI Provider
TI provider uses the Cyberint API for IoC lookup.
Azure Sentinel/Azure Monitor
We've had a bit of activity around Azure Sentinel/Azure Monitor.
@JPvRiel has been digging into this and found a few bugs. They also raised the issue that the current Azure Monitor driver has no support for custom tables. I created an experimental driver in this release but it's not working as expected.
If anyone wants to take up the sword and tackle bugs #829, #830 and #831 I would appreciate your help.
#831 is specifically the problems with the experimental driver.
The other two are bugs in the existing Azure Monitor/Sentinel provider (although I'm not sure the support for parsing time ranges is an easy fix, since we're relying on the azure.monitor.query SDK to do this conversion).
Thanks to @vx3r for this.
Certificate Authentication support for OData drivers (Defender and MSGraph)
Thanks to @FlorianBracq for this.
Other changes
Lots more typing work by our esteemed @FlorianBracq
Various fixes but some important ones:
- Maxmind API change
- Bokeh (should now support current Bokeh versions)
- Panel (workaround for seeming bug in 1.16.1)
What's Changed
- Fix typing issue for FoliumMap by @FlorianBracq in #814
- Add Azure kusto driver typing by @FlorianBracq in #816
- Odata certificate support by @FlorianBracq in #812
- Fix change to maxmind API 2.6.3 by @ianhelle in #823
- Apply typing to the Cybereason driver by @FlorianBracq in #813
- add Cyberint TI provider by @vx3r in #817
- Ianhelle/update to v2.16.0 by @ianhelle in #824
- Ianhelle/az monitor search driver 2025 02 05 by @ianhelle in #825
- Fixed autogen package by @ekzhu in #818
- prisma_cloud driver by @raj-axe in #821
- Updating bokeh code to support 3.4.0+ by @ianhelle in #826
- Cyberint risk key none value by @vx3r in #832
New Contributors
Full Changelog: v2.15.0...v2.16.0