MSTICpy

3.0.0 verified Fri May 01 auth: no python

MSTIC Security Tools for Jupyter notebooks, providing data acquisition, analysis, and visualization for security investigations. Current version is 3.0.0, released with Python 3.13 support and breaking changes. Release cadence: major/minor releases every few months.

pip install msticpy

Common errors

error ModuleNotFoundError: No module named 'msticpy' ↓

cause msticpy not installed or installed in a different environment.

fix

Run 'pip install msticpy' in your active environment.

error AttributeError: module 'msticpy' has no attribute 'QueryProvider' ↓

cause Importing from top-level instead of msticpy.data.

fix

Use 'from msticpy.data import QueryProvider'.

error ValueError: Unsupported driver: 'LogAnalytics' ↓

cause Using deprecated driver name in v3.x.

fix

Replace 'LogAnalytics' with 'AzureMonitor' or another supported driver.

error ImportError: cannot import name 'plot_timeline' from 'msticpy.vis' ↓

cause Function moved or renamed in v3.x.

fix

Check docs for updated plot functions; use 'from msticpy.vis.timeline import display_timeline'.

Warnings

breaking Dropped Python 3.8 and 3.9 support. Requires Python >=3.10. ↓

fix Upgrade Python to 3.10+.

deprecated Azure Log Analytics driver (driver='LogAnalytics') is deprecated; use Azure Monitor driver instead. ↓

fix Change driver to 'AzureMonitor' and update queries to use the new API.

gotcha Many imports have changed between v2.x and v3.x. Always check the official docs for the correct import path. ↓

fix Refer to the migration guide at https://msticpy.readthedocs.io/en/latest/migration.html

gotcha QueryProvider requires a supported driver string; misspelling or using an unsupported driver yields a cryptic error. ↓

fix Use one of: 'AzureResourceGraph', 'AzureMonitor', 'MSSentinel', 'M365Def', 'ODS', 'LogAnalytics' (deprecated).

Imports

QueryProvider

wrong

from msticpy import QueryProvider

correct

from msticpy.data import QueryProvider

QueryProvider is in msticpy.data, not top-level.

MSTICPyAnalysis
wrong
```
from msticpy import analysis
```
correct
```
from msticpy.analysis import timeseries_anomalies
```
Use specific submodules, not the analysis package directly.

nbdisplay

wrong

from msticpy import nbdisplay

correct

from msticpy.vis import nbdisplay

nbdisplay is in msticpy.vis.

GeoIPLookup

wrong

from msticpy.nbtools import GeoIPLookup

correct

from msticpy.context.geoip import GeoIPLookup

GeoIPLookup moved to msticpy.context.geoip in v2.x+.

Quickstart

Initialize a QueryProvider using the AzureResourceGraph driver. Replace 'AzureResourceGraph' with other supported drivers (e.g., 'LogAnalytics', 'MSSentinel').

from msticpy.data import QueryProvider
import pandas as pd

# Initialize a data provider (example: Azure Resource Graph)
qry_prov = QueryProvider('AzureResourceGraph')
print('QueryProvider initialized successfully')