MDATP/AzureData Support and ProcessTree Viewer
Overview
This release contains three important features:
- Query support for Microsoft Defender ATP
- Interactive Process Tree browser.
- Support for querying Azure properties for subscriptions and resources
New Features
- Microsoft Defender Query Support. Added a query provider/driver to query Defender alerts, machines, processes and arbitrary KQL queries of the Hunting data.
- Template queries for MDATP for hunting and standard entities.
- Process Tree Viewer - Bokeh interactive graphical view for one or more Process Trees in a data set. Supports both Windows and Linux.
- Process tree utilities - data library to create and query process trees.
- Azure properties of subscriptions and resources such as VMs can be queried from Notebooks.
- Query providers now accept ISO-string format for datetime fields for queries (in addition to datetime and timedelta).
- Added Progress widget to nbwidgets.
Fixes
- Miscellaneous linting/checker bugs
- Spelling and path errors in docs
- Fixed paths for the https://github/Azure/Azure-Sentinel-Notebooks repo.
- Updated dependency to Bokeh 1.40
- Fixed timeline legend bug