msticpy
release/msticpy-v2.0.0
Querying and Importing Data
Common Data Provider Operations
Query Providers Usage (common to all data sources)
Creating a Query Provider
Connecting to a Data Environment
Listing available queries
Running a pre-defined query
Running an ad hoc query
Splitting Query Execution into Chunks
Creating new queries
Adding a new set of queries and running them
Individual Data Environments
Microsoft Sentinel Provider
Sentinel Configuration
Loading a QueryProvider for Microsoft Sentinel
Connecting to a MS Sentinel Workspace
Other MS Sentinel Documentation
Microsoft 365 Defender Provider
M365 Defender Configuration
Loading a QueryProvider for M365 Defender
Connecting to M365 Defender
Other M365 Defender Documentation
Microsoft Graph API Provider
Microsoft Graph Configuration
Loading a QueryProvider for Microsoft Graph
Connecting to Microsoft Graph
Other Microsoft Graph Documentation
The LocalData provider
LocalData Configuration
Loading a QueryProvider for LocalData
Connecting to LocalData
Example usage of LocalData driver
Other LocalData Documentation
Splunk Provider
Splunk Configuration
Loading a QueryProvider for Splunk
Connecting to Splunk
Listing available queries
Running pre-defined queries
Running an ad hoc Splunk query
Other Splunk Documentation
Azure Resource Graph Provider
Azure Resource Graph Configuration
Loading a Query Provider for Azure Resource Graph
Connecting to Azure Resource Graph
Listing available queries
Running pre-defined query
End-to-end Example
Other Azure Resource Graph Documentation
Open Threat Research Security Datasets data provider and browser
Using the Data Provider to download datasets
Mordor Browser
Sumologic Provider
Sumologic Configuration
Loading a QueryProvider for Sumologic
Connecting to Sumologic
Running a Sumologic query
Other Sumologic Documentation
Azure Data Explorer/Kusto Provider
Kusto Configuration
Data Query Format for Kusto clusters
Loading a QueryProvider for Kusto
Connecting to a Kusto cluster
Additional Kusto query parameters
Other Kusto Documentation
Cybereason Provider
Cybereason Configuration
Loading and Connecting a QueryProvider for Cybereason
Listing available queries
Running pre-defined queries
Running an ad-hoc Cybereason query
Other Cybereason Documentation
Built-in Data Queries
Data Queries Reference
Queries for Microsoft Sentinel
Queries for Microsoft 365 Defender
Queries for Microsoft Graph
Queries for Splunk
Queries for Azure Resource Graph
Queries for Sumologic
Queries for Local Data
Other Data Modules and Functions
Setting up Process Auditing for Linux in Azure Sentinel
Add your Linux VMs to the Log Analytics Workspace
Configure Auditing on your Linux VMs
Add Auditd as a Custom log in Log Analytics
Reading Audit Data from Log Analytics
Data Uploaders
Uploading data to Azure Sentinel/Log Analytics
Uploading data to Splunk
Data Masking Functions
Import the module
Individual Masking Functions
Masking DataFrames
Creating custom mappings
Using hash_item to preserve the structure/look of the hashed input
Checking Your Masking Results
Reading from and writing to Azure Blob AzureBlobStorage
Description
Import the module
Initialize the class and connect
List Containers
Create a Container
List Blobs
Write to a Blob
Read from a Blob
Delete a Blob
Generate a SAS Token for a Blob
SQL TO KQL Conversion (Experimental)
Caveat Emptor!
Simple SQL Query
SQL Joins
Table Renaming
Join with Aliases
Unions and Group By
Aliased and Calculated Select Columns