
Timeline duration, MDE Query upgrade

@ianhelle ianhelle released this 19 Jul 16:29

New Features

Timeline duration visualization #176

This new variant of the timeline control lets you group by one or more columns and plot each group as a span running from its first to its last observed event. The graphic below shows the duration of communication between each source and destination IP pair for a given protocol.

Like the other timeline controls, it is accessible as a pandas DataFrame accessor (`mp_timeline`).

az_net_flows_df.mp_timeline.plot_duration(
    group_by=["SrcIP", "DestIP", "L7Protocol"]
)

[Image: Timeline duration plot]

You can also import and use the plot function directly:

from msticpy.nbtools.timeline_duration import display_timeline_duration

display_timeline_duration(
    host_logons,
    group_by="Account",
    ref_events=host_logons.sample(3),
    ref_col="TargetUserName",
);

Read about this in our Event Timeline documentation
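To make the grouping concrete, here is the aggregation that a start/end duration plot is built on, written against plain Python records so it runs without msticpy or pandas. This is an added example, not msticpy's implementation: the flow records are constructed sample data, and `duration_by_group` and `groups_active_at` are illustrative names rather than msticpy APIs. It goes slightly beyond the release note by also answering the question an analyst usually asks next, namely which groups were active at the time of a reference event.

```python
from datetime import datetime
from typing import Dict, Iterable, List, Sequence, Tuple, Union

# Constructed sample NetFlow-style records (not real data). TimeGenerated is the
# flow start time; the grouping columns mirror the az_net_flows_df example above.
SAMPLE_FLOWS = [
    {"TimeGenerated": "2021-07-14T10:00:00", "SrcIP": "10.0.0.5", "DestIP": "40.1.1.1", "L7Protocol": "https"},
    {"TimeGenerated": "2021-07-14T10:05:00", "SrcIP": "10.0.0.5", "DestIP": "40.1.1.1", "L7Protocol": "https"},
    {"TimeGenerated": "2021-07-14T10:30:00", "SrcIP": "10.0.0.5", "DestIP": "40.1.1.1", "L7Protocol": "https"},
    {"TimeGenerated": "2021-07-14T10:02:00", "SrcIP": "10.0.0.5", "DestIP": "8.8.8.8", "L7Protocol": "dns"},
    {"TimeGenerated": "2021-07-14T10:03:00", "SrcIP": "10.0.0.5", "DestIP": "8.8.8.8", "L7Protocol": "dns"},
    {"TimeGenerated": "2021-07-14T11:00:00", "SrcIP": "10.0.0.7", "DestIP": "40.1.1.1", "L7Protocol": "https"},
]

GroupKey = Tuple[str, ...]


def _parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp string (the only format used in the sample)."""
    return datetime.fromisoformat(value)


def duration_by_group(
    rows: Iterable[dict],
    group_by: Union[str, Sequence[str]],
    time_col: str = "TimeGenerated",
) -> Dict[GroupKey, dict]:
    """Collapse events into one activity span per group.

    Returns a mapping of group key -> {start, end, duration_s, count}, where
    start/end are the earliest and latest event times seen for that group.
    A single-event group yields a zero-length span, which a duration plot
    should still render (as a point) rather than drop.
    """
    if isinstance(group_by, str):  # accept a single column name like the msticpy call does
        group_by = [group_by]
    spans: Dict[GroupKey, Tuple[datetime, datetime, int]] = {}
    for row in rows:
        key = tuple(str(row[col]) for col in group_by)
        ts = _parse_ts(row[time_col])
        start, end, count = spans.get(key, (ts, ts, 0))
        spans[key] = (min(start, ts), max(end, ts), count + 1)
    return {
        key: {
            "start": start,
            "end": end,
            "duration_s": (end - start).total_seconds(),
            "count": count,
        }
        for key, (start, end, count) in spans.items()
    }


def groups_active_at(spans: Dict[GroupKey, dict], when: str) -> List[GroupKey]:
    """Return the group keys whose span contains the given timestamp.

    This is the lookup an analyst does by eye when reference events (e.g. alert
    times) are overlaid on the duration plot: which sessions were live then?
    """
    ts = _parse_ts(when)
    return sorted(key for key, span in spans.items() if span["start"] <= ts <= span["end"])


if __name__ == "__main__":
    by_tuple = duration_by_group(SAMPLE_FLOWS, ["SrcIP", "DestIP", "L7Protocol"])
    for key, span in sorted(by_tuple.items()):
        print(key, span["start"].time(), "->", span["end"].time(), f"{span['duration_s']:.0f}s", span["count"])
    print("active at 10:02:30:", groups_active_at(by_tuple, "2021-07-14T10:02:30"))
```

Grouping on a single column (for example `"SrcIP"`) merges every flow from that host into one span, which is the right view for "how long was this host active" but hides short individual sessions; the multi-column grouping in the release note is what exposes per-destination timing, so choose the grouping to match the question being asked.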

Fixes

#184 MDEFix Update MDE connectors

The Microsoft Defender for Endpoint provider and its queries have had a major update, correcting many schema issues (a number of queries were still using old column names).

#185 from microsoft/ianhelle/init_notebook_changes-2021-07-14

  • Removed nb_check.py update from azure_ml_tools.py
  • Updated text about how to fix missing PyGObject
  • Fixed MpConfigEdit widget to show checkbox for making backups prior to updating msticpyconfig
  • Fix to remove casefold of OptionButtons value

8707868 Fixing Mordor and azure_ml_tools tests

  • Fixed Mordor URL for mordor data provider

1ec1a00 bypassing GeoIP notebook test because of IPStack intermittent problems (#181)