Merge pull request #13 from microsoft/ianhelle_pivot_integ_and_fixes_…

…2020-12-22 Ianhelle pivot integ and fixes 2020 12 22
microsoft · Apr 3, 2021 · cb49ec0 · cb49ec0
2 parents 1d2cf20 + 58c8e60
commit cb49ec0
Show file tree

Hide file tree

Showing 65 changed files with 4,360 additions and 1,522 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,13 +1,31 @@
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v2.3.0
     hooks:
     -   id: check-yaml
     -   id: check-json
     -   id: trailing-whitespace
         args: [--markdown-linebreak-ext=md]
--   repo: https://github.com/ambv/black
-    rev: stable
+  - repo: https://github.com/ambv/black
+    rev: 20.8b1
     hooks:
-    - id: black
-      language: python
+      - id: black
+        language: python
+        args:
+          - -t
+          - py36
+  - repo: https://github.com/pre-commit/mirrors-pylint
+    rev: v2.6.0
+    hooks:
+      - id: pylint
+        args:
+          - --disable=E0401,W0511
+          - --ignore-patterns=test_
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.8.4
+    hooks:
+      - id: flake8
+        args:
+          - --extend-ignore=E0401,E501
+          - --max-line-length=90
+          - --exclude=tests,test*.py
diff --git a/README.md b/README.md
@@ -212,13 +212,14 @@ Main operations:
 - The alerts and bookmarks are browsable using the browse_alerts and
   browse_bookmarks methods
 - You can call the find_additional_data method to retrieve and display
-  more detailed activity information for the account.
+  more detailed activity information for the account (e.g. host logons,
+  Azure and Office 365 activity)
 
 ### EnrichAlerts
 
 Alert Enrichment Notebooklet Class.
 
-Enriches Azure Sentinel alerts with Threat Intelligence data.
+Enriches Azure Sentinel alerts with Threat Intelligence and other data.
 
 ### HostLogonsSummary
 
@@ -257,6 +258,18 @@ Queries and displays Windows Security Events including:
 Process (4688) and Account Logon (4624, 4625) are not included in the
 event types processed by this module.
 
+### IpAddressSummary
+
+Retrieves common data about an IP Address including:
+
+- Tries to determine IP address is external or internal (i.e. owned by the organization)
+- Azure Heartbeat, Network Analytics or VMComputer records
+- Geo-IP and Whois data
+- Threat intel reports
+- Related alerts and hunting bookmarks
+- Network flows involving IP address
+- Azure activity (e.g. sign-ins) originating from IP address
+
 ### NetworkFlowSummary
 
 Network Flow Summary Notebooklet class.

diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -24,16 +24,16 @@
 sys.path.insert(0, os.path.abspath("../.."))
 
 # -- Project information -----------------------------------------------------
-
+# pylint: disable=redefined-builtin, invalid-name
 project = "msticnb"
-# pylint: disable=redefined-builtin
+
 copyright = "2020, (c) Microsoft Corporation."
-author = "Ian Hellen"
+author = "Ian Hellen, Pete Bryan"
 
 # The short X.Y version
 version = ""
 # The full version, including alpha/beta/rc tags
-release = "0.1.0"
+release = "0.2.0"
 
 
 # -- General configuration ---------------------------------------------------
@@ -78,7 +78,7 @@
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This pattern also affects html_static_path and html_extra_path.
-exclude_patterns = []
+exclude_patterns: list = []
 
 # The name of the Pygments (syntax highlighting) style to use.
 pygments_style = None
@@ -127,7 +127,7 @@
 
 # -- Options for LaTeX output ------------------------------------------------
 
-latex_elements = {
+latex_elements: dict = {
     # The paper size ('letterpaper' or 'a4paper').
     #
     # 'papersize': 'letterpaper',

diff --git a/docs/source/msticnb.nb.azsent.network.rst b/docs/source/msticnb.nb.azsent.network.rst
@@ -3,6 +3,7 @@ Network notebooklets
 
 .. autosummary::
    msticnb.nb.azsent.network.network_flow_summary
+   msticnb.nb.azsent.network.ip_summary
 
 Submodules
 ----------
@@ -15,4 +16,10 @@ msticnb.nb.azsent.network.network\_flow\_summary module
    :undoc-members:
    :show-inheritance:
 
+msticnb.nb.azsent.network.ip\_summary module
+-------------------------------------------------------
 
+.. automodule:: msticnb.nb.azsent.network.ip_summary
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/msticnb.nblib.azsent.rst b/docs/source/msticnb.nblib.azsent.rst
@@ -12,4 +12,10 @@ msticnb.nblib.azsent.host module
    :undoc-members:
    :show-inheritance:
 
+msticnb.nblib.azsent.alert module
+---------------------------------
 
+.. automodule:: msticnb.nblib.azsent.alert
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/msticnb.nblib.rst b/docs/source/msticnb.nblib.rst
@@ -8,3 +8,11 @@ Categories
    :maxdepth: 4
 
    msticnb.nblib.azsent
+
+msticnb.nblib.iptools module
+----------------------------
+
+.. automodule:: msticnb.nblib.iptools
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/msticnb.rst b/docs/source/msticnb.rst
@@ -62,6 +62,14 @@ msticnb.notebooklet module
    :undoc-members:
    :show-inheritance:
 
+msticnb.notebooklet\_result module
+----------------------------------
+
+.. automodule:: msticnb.notebooklet_result
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
 msticnb.options module
 ----------------------
 
@@ -78,3 +86,11 @@ msticnb.read\_modules module
    :undoc-members:
    :show-inheritance:
 
+msticnb.data\viewers module
+---------------------------
+
+.. automodule:: msticnb.data_viewers
+   :members:
+   :undoc-members:
+   :show-inheritance:
+