{"id":24078,"library":"msticpy","title":"MSTICpy","description":"MSTIC Security Tools for Jupyter notebooks, providing data acquisition, analysis, and visualization for security investigations. Current version is 3.0.0, released with Python 3.13 support and breaking changes. Release cadence: major/minor releases every few months.","status":"active","version":"3.0.0","language":"python","source_language":"en","source_url":"https://github.com/microsoft/msticpy","tags":["security","jupyter","azure","microsoft","threat-intelligence"],"install":[{"cmd":"pip install msticpy","lang":"bash","label":"Install msticpy"}],"dependencies":[{"reason":"Core data analysis","package":"pandas","optional":false},{"reason":"Visualizations","package":"bokeh","optional":false},{"reason":"Visualizations","package":"matplotlib","optional":false},{"reason":"Azure authentication","package":"azure-identity","optional":false},{"reason":"Azure Monitor data provider (replaced deprecated azure-loganalytics)","package":"azure-monitor-query","optional":true},{"reason":"Microsoft Defender API access","package":"azure-mgmt-security","optional":true},{"reason":"HTTP requests","package":"requests","optional":false},{"reason":"Kusto query support","package":"Kqlmagic","optional":true},{"reason":"Progress bars","package":"tqdm","optional":false}],"imports":[{"note":"QueryProvider is in msticpy.data, not top-level.","wrong":"from msticpy import QueryProvider","symbol":"QueryProvider","correct":"from msticpy.data import QueryProvider"},{"note":"Use specific submodules, not the analysis package directly.","wrong":"from msticpy import analysis","symbol":"MSTICPyAnalysis","correct":"from msticpy.analysis import timeseries_anomalies"},{"note":"nbdisplay is in msticpy.vis.","wrong":"from msticpy import nbdisplay","symbol":"nbdisplay","correct":"from msticpy.vis import nbdisplay"},{"note":"GeoIPLookup moved to msticpy.context.geoip in v2.x+.","wrong":"from msticpy.nbtools import GeoIPLookup","symbol":"GeoIPLookup","correct":"from msticpy.context.geoip import GeoIPLookup"}],"quickstart":{"code":"from msticpy.data import QueryProvider\nimport pandas as pd\n\n# Initialize a data provider (example: Azure Resource Graph)\nqry_prov = QueryProvider('AzureResourceGraph')\nprint('QueryProvider initialized successfully')","lang":"python","description":"Initialize a QueryProvider using the AzureResourceGraph driver. Replace 'AzureResourceGraph' with other supported drivers (e.g., 'LogAnalytics', 'MSSentinel')."},"warnings":[{"fix":"Upgrade Python to 3.10+.","message":"Dropped Python 3.8 and 3.9 support. Requires Python >=3.10.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Change driver to 'AzureMonitor' and update queries to use the new API.","message":"Azure Log Analytics driver (driver='LogAnalytics') is deprecated; use Azure Monitor driver instead.","severity":"deprecated","affected_versions":"<3.0.0"},{"fix":"Refer to the migration guide at https://msticpy.readthedocs.io/en/latest/migration.html","message":"Many imports have changed between v2.x and v3.x. Always check the official docs for the correct import path.","severity":"gotcha","affected_versions":"all"},{"fix":"Use one of: 'AzureResourceGraph', 'AzureMonitor', 'MSSentinel', 'M365Def', 'ODS', 'LogAnalytics' (deprecated).","message":"QueryProvider requires a supported driver string; misspelling or using an unsupported driver yields a cryptic error.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run 'pip install msticpy' in your active environment.","cause":"msticpy not installed or installed in a different environment.","error":"ModuleNotFoundError: No module named 'msticpy'"},{"fix":"Use 'from msticpy.data import QueryProvider'.","cause":"Importing from top-level instead of msticpy.data.","error":"AttributeError: module 'msticpy' has no attribute 'QueryProvider'"},{"fix":"Replace 'LogAnalytics' with 'AzureMonitor' or another supported driver.","cause":"Using deprecated driver name in v3.x.","error":"ValueError: Unsupported driver: 'LogAnalytics'"},{"fix":"Check docs for updated plot functions; use 'from msticpy.vis.timeline import display_timeline'.","cause":"Function moved or renamed in v3.x.","error":"ImportError: cannot import name 'plot_timeline' from 'msticpy.vis'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}