v0.5.3

• Fixed "from huntlib import *' exception
• Better handling of floats, negative numbers and zeros in Benford's Law function
• Added new script to control unit test docker containers and data (Elastic & Splunk)
• Added data chunk post-processing for read_json()/read_csv()

v0.5.1

Huntlib 0.5.1 contains two new functions:

• huntlib.data.chunk(): Given a sequence-like object (list, pandas Series, etc), divide it into chunks of a given size and return a chunks as a generator.
• huntlib.util.punctuation_pattern(): Return only the non-alphanumeric characters in the input string.

v0.5.0

v0.5.0 contains a new huntlib.domaintools.DomainTools object to easily query some of the DomainTools APIs (DomainTools API key required).

It also has moved the following functions from the main library into the huntlib.util package:

• promptCreds
• entropy
• entropy_per_byte

Attempting to use these functions in their old location still works, but generates a warning to update the code to the proper location. This backwards compatibility will go away in a future release.

There is also a new function huntlib.util.benfords to test whether a group of numbers conforms to Benford's Law. See the documentation for more details.

v0.5.0.a4

v0.5.0.a4 provides the following big fixes:

• huntlib.domaintools.DomainTools objects now have working iris_enrich() and enrich() functions.
• All the functions previously offered by importing the main huntlib module (entropy(), entropy_per_byte(), promptCreds() and edit_distance() have been moved to the new huntlib.util module. Attempting to use the old imports will still work, but result in a FutureWarning to the user.
• huntlib.data now provides a new flatten() function for transforming nested dicts and/or lists into a single namespace useful for creating pandas DataFrames

v0.5.0.a3

Alpha 3 contains the new domaintools module for hunting-relevant API calls and data enrichment of pandas DataFrames.

v0.4.5

Because the Splunk API is so incredibly slow, this release ditches it's oneshot() function in favor of the lower-level Splunk Jobs API. Since we had to write our own results retrieval code, we used Python's built-in multiprocessing module to retrieve results in parallel. The default is now to retrieve results with a single worker, which decreased total search time by about 45% while retrieving 1mil rows in testing.

v0.4.0

The major changes since 0.3.0 are:

• Now have at least basic unit tests for SplunkDF and ElasticDF classes
• ElasticDF and SplunkDF now both support the fields arg to specify which columns you want in your DataFrame
• A new huntlib.data module has drop-in replacements for pandas read_csv() and read_json() which can accept filenames with wildcards for easily reading multiple files into a single DataFrame
• Some updates to avoid calling deprecated functions in the underlying libraries

v0.3.0

This version contains new support for limiting the number of search results returned by ElasticDF or SplunkDF, as well as some basic exception support.

v0.2.1

Initial publish to PyPi

v0.2

This version adds support for the edit_distance() function for computing string similarity.