Overview

Most of the features and fixes this month were done to support the new Entity Explorer series of notebooks
published on Azure-Sentinel-Notebooks repo

New Features

Added syslog_utils module for common syslog data manipulation
Added cmd_line module for syslog CMD analysis
Added ip_utils module for common IP Address operations
Added domain_utils module for common domain/DNS/URL operations
Added new TI providers - open_page_rank and tor_exit_nodes
Added package auto-install function added to utility.py
nbwidgets: added filtering to all select/list widgets
In query templates you can now express date parameters (and query defaults) as
a pos/neg number relative to current date or a KQL-like range (-30d, 15h, etc.)
wsconfig.py - can create a Connection string directly from wsconfig.
Added settings as a top-level msticpy attribute.
TI dataframes derive their column names directly from LookupResult so don't need to keep two lists.
A number of new queries were added in the following categories:
- Syslog/linux
- Office Activity
- Azure/Azure Active Directory
- Azure Network Analytics
- KQL time series queries
- Hunting bookmarks
Documentation updates:
- new documentation page on msticpy configuration - msticpyconfig.yaml
- Updated Readme.md for new features.

Typo in wsconfig.py - wsconfig throws meaningful error if config values are not found
fix yaml parsing error in timeseries kql
Miscellaneous fixes from notebook testing for new Explorer notebooks
Changed param_extractor to always prefer supplied params over defaults
tilookup fix - exception thrown if an empty IoCs list sent to it
geoip - fixed multiple problems with the DF lookup version of the API
Updated Pandas requirement to 0.25
Query fixes - miscellaneous
Added dependencies on cryptography, tqdm, ipwhois