msticpy.init.user_config module

User configuration functions.

Loads providers based on user_defaults section in msticpyconfig.yaml

UserDefaults:
    # List of query providers to load
    QueryProviders:
        AzureSentinel:
            Default:          # name of the provider listed in AzureSentinel.Workspaces
                alias: azsent   # optional - create "qry_azsent" object in globals
            CyberSoc:
                alias: soc
                connect: False  # optional - do not connect on load
        Splunk:             # add non-sentinel providers like this
            connect: False
        LocalData: local

    # List of other providers/components to load
    LoadComponents:
        TILookup:           # No parameters
        GeoIpLookup:
            provider: GeoLiteLookup   # geoip provider to use
        Notebooklets:       # Load and initialize Notebooklets
            query_provider:   # Pass it this query provider at startup
                AzureSentinel:
                    workspace: CyberSoc
        Pivot:              # No parameters
        AzureData:          # auth_methods passed as startup param
            auth_methods: ['cli','interactive']
        AzureSentinelAPI:
            auth_methods: ['env','interactive']
            connect: False   # Load but do not connect

Note: For components that require authentication, the default is to connect after loading. You can skip the connect step by adding connect: False to the entry.
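Because connecting is the default, it helps to review which entries will connect on load before a notebook runs. The following is an added example, not msticpy code: `connect_plan` and `_connects` are hypothetical helpers, and the sample dict is the configuration above as a YAML parser would return it. The flag is reported for every entry, although it only matters for components that authenticate.

```python
DEFAULT_CONNECT = True  # per the note above: connect unless "connect: False"

# Constructed sample: the UserDefaults section shown above, in parsed form
# (keys with no parameters parse to None).
SAMPLE = {
    "UserDefaults": {
        "QueryProviders": {
            "AzureSentinel": {
                "Default": {"alias": "azsent"},
                "CyberSoc": {"alias": "soc", "connect": False},
            },
            "Splunk": {"connect": False}, "LocalData": "local",
        },
        "LoadComponents": {
            "TILookup": None, "Pivot": None,
            "GeoIpLookup": {"provider": "GeoLiteLookup"},
            "Notebooklets": {"query_provider": {"AzureSentinel": {"workspace": "CyberSoc"}}},
            "AzureData": {"auth_methods": ["cli", "interactive"]},
            "AzureSentinelAPI": {"auth_methods": ["env", "interactive"], "connect": False},
        },
    }
}


def _connects(settings):
    """Hypothetical helper: effective connect flag for one entry."""
    if isinstance(settings, dict):
        return bool(settings.get("connect", DEFAULT_CONNECT))
    return DEFAULT_CONNECT  # None or scalar value: no explicit override


def connect_plan(config):
    """Hypothetical helper: map 'section/name' -> effective connect flag."""
    defaults = config.get("UserDefaults") or {}
    plan = {}
    for name, settings in (defaults.get("QueryProviders") or {}).items():
        if name == "AzureSentinel":  # workspaces are nested one level down
            for ws, ws_settings in (settings or {}).items():
                plan[f"QueryProviders/AzureSentinel/{ws}"] = _connects(ws_settings)
        else:
            plan[f"QueryProviders/{name}"] = _connects(settings)
    for name, settings in (defaults.get("LoadComponents") or {}).items():
        plan[f"LoadComponents/{name}"] = _connects(settings)
    return plan


if __name__ == "__main__":
    for entry, connects in connect_plan(SAMPLE).items():
        print(f"{'connect' if connects else 'load only':9}  {entry}")
```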

msticpy.init.user_config.load_user_defaults() -> Dict[str, object]

Load providers from user defaults in msticpyconfig.yaml.

Returns:

Dict of object name and provider instances.

Return type:

Dict[str, object]