Fixes for MS Sentinel API and configuration
Some minor fixes and improvements:
- `MicrosoftSentinel` class now defaults to the "Default" workspace, or to the workspace name supplied as the `workspace` parameter, when connecting.

```python
# import path for msticpy 2.x
from msticpy.context.azure import MicrosoftSentinel

sentinel = MicrosoftSentinel()
sentinel.connect()  # connect to "Default" workspace
sentinel.connect(workspace="MyWorkspace")  # connect to named workspace
```
- Sentinel `create_*` APIs now return the ID of the new item (incident, bookmark, analytic, watchlist).
- `init_notebook` now accepts a `config` parameter to use a custom msticpyconfig.yaml for the notebook session (overrides the environment variable and other defaults).

```python
import msticpy as mp

mp.init_notebook(config="~/configs/all_ti_provs.yaml")  # use a custom msticpy config file
```
- Sentinel configuration editor no longer throws an exception if a named control is not found.
- Sentinel TI provider will not attempt lookups if the `ThreatIntelligenceIndicator` table is not found in the Sentinel data provider schema.
- Support for Kusto/Azure Data Explorer settings in the Settings editor.
- Added `checked_kwargs` decorator to utility/types.py.
What's Changed
- Ianhelle/training hotfixes 2022 10 13 by @ianhelle in #543
- Updated ReadMe with Blackhat Arsenal Tag by @petebryan in #521
Full Changelog: v2.1.3...v2.1.4