
Fixes for MS Sentinel API and configuration

ianhelle released this 25 Oct 20:21
db7e51f

Some minor fixes and improvements:

  • MicrosoftSentinel class now defaults to the "Default" workspace, or to the workspace name supplied as the workspace parameter, when connecting.

    sentinel = MicrosoftSentinel()
    sentinel.connect()  # connect to "Default" workspace
    sentinel.connect(workspace="MyWorkspace")   # connect to named workspace
  • Sentinel create_* APIs now return the ID of the new item (incident, bookmark, analytic, watchlist)
  • init_notebook now accepts a config parameter to use a custom msticpyconfig.yaml for the notebook session (overrides the environment variable and other defaults)

    import msticpy as mp
    mp.init_notebook(config="~/configs/all_ti_provs.yaml")   # use a custom msticpy config file.
  • Sentinel configuration editor no longer throws an exception if named control not found
  • Sentinel TI provider will not attempt lookups if ThreatIntelligenceIndicator table not found in the Sentinel data provider schema
  • Support for Kusto/Azure Data explorer settings in Settings editor
  • Added checked_kwargs decorator to utility/types.py
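The two behaviours above that matter most for configuration hygiene are the workspace fallback on connect and strict keyword-argument checking. The following is an added example, not msticpy's own code: a `checked_kwargs`-style decorator in the same spirit as the one this release adds, applied to a hypothetical `FakeSentinel` stand-in whose `connect` falls back to "Default" when no workspace is given. The value of such a check is that a misspelled parameter (e.g. `workspce=`) raises immediately instead of being silently ignored and connecting you to the wrong workspace. The class, its method and the legal-argument list are assumptions made for this example.

```python
import functools
from typing import Callable, Iterable, Optional


def checked_kwargs(legal_args: Iterable[str]) -> Callable:
    """Reject keyword arguments not listed in `legal_args`.

    Illustrative decorator (not msticpy's implementation): unknown kwargs
    raise NameError naming the offending keys and the accepted ones.
    """
    legal = frozenset(legal_args)

    def decorator(func: Callable) -> Callable:
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            unexpected = sorted(set(kwargs) - legal)
            if unexpected:
                raise NameError(
                    f"{func.__name__}: unexpected keyword argument(s) {unexpected}; "
                    f"expected one of {sorted(legal)}"
                )
            return func(*args, **kwargs)

        return wrapper

    return decorator


class FakeSentinel:
    """Hypothetical stand-in for the MicrosoftSentinel class (constructed here)."""

    def __init__(self, default_workspace: str = "Default") -> None:
        self.default_workspace = default_workspace
        self.workspace: Optional[str] = None

    @checked_kwargs(["workspace", "auth_methods"])  # assumed legal parameter names
    def connect(self, **kwargs) -> str:
        """Select the workspace to connect to and return its name.

        Falls back to the default workspace when `workspace` is absent or empty.
        """
        self.workspace = kwargs.get("workspace") or self.default_workspace
        return self.workspace


if __name__ == "__main__":
    sentinel = FakeSentinel()
    print(sentinel.connect())                         # Default
    print(sentinel.connect(workspace="MyWorkspace"))  # MyWorkspace
    try:
        sentinel.connect(workspce="MyWorkspace")      # typo is caught, not ignored
    except NameError as err:
        print(f"rejected: {err}")
```

The decorator builds the legal set once at decoration time, so the per-call cost is a single set difference; the `NameError` message lists the accepted names so the caller can correct the typo without reading the source.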

What's Changed

Full Changelog: v2.1.3...v2.1.4