msticpy.init.user_config module
User configuration functions.
Loads providers based on user_defaults section in msticpyconfig.yaml
    UserDefaults:
      # List of query providers to load
      QueryProviders:
        AzureSentinel:
          Default:  # name of the provider listed in AzureSentinel.Workspaces
            alias: azsent  # optional - create "qry_azsent" object in globals
          CyberSoc:
            alias: soc
            connect: False  # optional - do not connect on load
        Splunk:  # add non-sentinel providers like this
          connect: False
        LocalData: local
      # List of other providers/components to load
      LoadComponents:
        TILookup:  # No parameters
        GeoIpLookup:
          provider: GeoLiteLookup  # geoip provider to use
        Notebooklets:  # Load and initialize Notebooklets
          query_provider:  # Pass it this query provider at startup
            AzureSentinel:
              workspace: CyberSoc
        Pivot:  # No parameters
        AzureData:  # auth_methods passed as startup param
          auth_methods: ['cli','interactive']
        AzureSentinelAPI:
          auth_methods: ['env','interactive']
          connect: False  # Load but do not connect
Note: For components that require authentication, the default is to connect after loading. You can skip the connect step by adding connect: False to the entry.
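Because connecting is the default, it helps to review which entries will attempt it before the configuration is shared or run unattended. The following is an added example, not msticpy code: `connect_on_load` and `_connects` are hypothetical helpers, the dict is constructed to mirror what a YAML loader returns for the sample above, and the workspace-keyed handling of AzureSentinel is an assumption read from that sample. The page does not say which components authenticate, so the helper reports every entry that lacks connect: False.

```python
# Added example: not msticpy code. The dict is constructed to mirror what a
# YAML loader returns for the sample UserDefaults section on this page.
USER_DEFAULTS = {
    "QueryProviders": {
        "AzureSentinel": {
            "Default": {"alias": "azsent"},
            "CyberSoc": {"alias": "soc", "connect": False},
        },
        "Splunk": {"connect": False},
        "LocalData": "local",
    },
    "LoadComponents": {
        "TILookup": None,  # "No parameters" entries load as None
        "GeoIpLookup": {"provider": "GeoLiteLookup"},
        "Notebooklets": {"query_provider": {"AzureSentinel": {"workspace": "CyberSoc"}}},
        "Pivot": None,
        "AzureData": {"auth_methods": ["cli", "interactive"]},
        "AzureSentinelAPI": {"auth_methods": ["env", "interactive"], "connect": False},
    },
}


def _connects(settings):
    """Assumed rule from the note: connect unless 'connect: False' is set."""
    return not (isinstance(settings, dict) and settings.get("connect") is False)


def connect_on_load(user_defaults):
    """Return sorted entry names that do not opt out of connecting at load."""
    found = []
    providers = user_defaults.get("QueryProviders") or {}
    for name, settings in providers.items():
        if name == "AzureSentinel" and isinstance(settings, dict):
            # Assumption: Sentinel entries are keyed by workspace name.
            found += [f"QueryProviders.AzureSentinel.{ws}"
                      for ws, ws_cfg in settings.items() if _connects(ws_cfg)]
        elif _connects(settings):
            found.append(f"QueryProviders.{name}")
    for name, settings in (user_defaults.get("LoadComponents") or {}).items():
        if _connects(settings):
            found.append(f"LoadComponents.{name}")
    return sorted(found)


if __name__ == "__main__":
    for entry in connect_on_load(USER_DEFAULTS):
        print(entry)
```

Entries that appear in the output and use interactive or CLI authentication are the ones to check before running the load step in a scheduled or headless notebook.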
- msticpy.init.user_config.load_user_defaults() → Dict[str, object]
Load providers from user defaults in msticpyconfig.yaml.
- Returns:
Dict of object name and provider instances.
- Return type:
Dict[str, object]