Preview release of 2.7.0
More detailed release notes in the full release.
Main Changes
Two new TI Providers:
- CrowdSec (thanks to @sbs2001)
- AbuseIPDB (thanks to @rrevuelta)
Updated Data providers for Sentinel/Azure Monitor/Log Analytics and Kusto/Azure Data Explorer
These were introduced in v2.5.0 but are now the default drivers for these providers.
Query Editor
ipywidgets-based query template editor. This is somewhat provisional, so please be sure to test it and report bugs.
Updates to Authentication - especially for the AzureData and MicrosoftSentinel API modules
- You can now authenticate by supplying an AzureCredential object as the credential parameter
- The connect methods for these modules support a cloud parameter to specify different sovereign clouds
- The init and connect methods are instrumented with logging to help debug issues:
import msticpy as mp
from msticpy.context.azure.sentinel_core import MicrosoftSentinel

# Raise the msticpy log level before creating and connecting the provider,
# so that the init and connect steps emit their diagnostic messages
mp.set_logging_level("INFO")
mssentinel = MicrosoftSentinel()
mssentinel.connect()
Other items
- MS Sentinel delete watchlist API added by @mbabinski
- Splunk fixes added by @Tatsuya-hasegawa
What's Changed
- Add CrowdSec TIProvider by @sbs2001 in #673
- Added delete_watchlist_item method by @mbabinski in #682
- Update pandas requirement from <2.0.0,>=1.4.0 to >=1.4.0,<3.0.0 by @dependabot in #653
- Bump sphinx from 6.1.3 to 7.1.0 by @dependabot in #686
- Add AbuseIPDB TIProvider by @rrevuelta in #687
- Typo corrections in queries by @ianhelle in #684
- Ianhelle/query editor 2023 04 21 by @ianhelle in #685
- Few fix splunk driver by @Tatsuya-hasegawa in #688
- Ianhelle/mssentinel auth 2023 08 01 by @ianhelle in #690
- Updating timeline docs to prioritize pd accessors by @ianhelle in #691
- Fix splunk uploader create index option by @Tatsuya-hasegawa in #692
- v2.7.0 - changing new kql/sentinel drivers to be defaults by @ianhelle in #696
New Contributors
- @sbs2001 made their first contribution in #673
- @mbabinski made their first contribution in #682
Full Changelog: v2.6.0...v2.7.0.pre1