msticpy.context.azure.azure_data module

Uses the Azure Python SDK to collect and return details related to Azure.

class msticpy.context.azure.azure_data.AzureData(connect: bool = False, cloud: str | None = None)

Bases: object

Class for returning data on an Azure tenant.

Initialize connector for Azure Python SDK.

connect(auth_methods: List | None = None, tenant_id: str | None = None, silent: bool = False, **kwargs)

Authenticate to the Azure SDK.

Parameters:

• auth_methods (List, optional) – list of preferred authentication methods to use, by default None

• tenant_id (str, optional) – The tenant to authenticate against. If not supplied, the default tenant for the identity will be used.

• silent (bool, optional) – Set true to prevent output during auth process, by default False

• cloud (str, optional) – What Azure cloud to connect to. By default it will attempt to use the cloud setting from config file. If this is not set it will default to Azure Public Cloud

• **kwargs – Additional keyword arguments to pass to the az_connect function.

Raises:

CloudError – If no valid credentials are found or if subscription client can’t be created

See also

msticpy.auth.azure_auth.az_connect

function to authenticate to Azure SDK

get_metrics(metrics: str, resource_id: str, sub_id: str, sample_time: str = 'hour', start_time: int = 30) → Dict[str, DataFrame]

Return specified metrics on Azure Resource.

Parameters:

• metrics (str) – A string list of metrics you wish to collect (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported)

• resource_id (str) – The resource ID of the resource to collet the metrics from

• sub_id (str) – The subscription ID that the resource is part of

• sample_time (str (Optional)) – You can select to collect the metrics every hour of minute - default is hour Accepted inputs = ‘hour’ or ‘minute’

• start_time (int (Optional)) – The number of days prior to today to collect metrics for, default is 30

Returns:

results – A Dictionary of DataFrames containing the metrics details

Return type:

dict

get_network_details(network_id: str, sub_id: str) → Tuple[DataFrame, DataFrame]

Return details related to an Azure network interface and associated NSG.

Parameters:

• network_id (str) – The ID of the network interface to return details on

• sub_id (str) – The subscription ID that the network interface is part of

Returns:

details – A dictionary of items related to the network interface

Return type:

dict

get_resource_details(sub_id: str, resource_id: str | None = None, resource_details: dict | None = None) → dict

Return the details of a specific Azure resource.

Parameters:

• resource_id (str, optional) – The ID of the resource to get details on

• resource_details (dict, optional) –

  If ID is unknown provide the following details:

  -resource_group_name -resource_provider_namespace -resource_type -resource_name -parent_resource_path

• sub_id (str) – The ID of the subscription to get resources from

Returns:

resource_details – The details of the requested resource

Return type:

dict

get_resources(sub_id: str, rgroup: str | None = None, get_props: bool = False) → DataFrame

Return details on all resources in a subscription or Resource Group.

Parameters:

• sub_id (str) – The subscription ID to get resources for

• rgroup (str (Optional)) – The name of a Resource Group to get resources for

• get_props (bool (Optional)) – Set to True if you want to get the full properties of every resource Warning this may be a slow process depending on the number of resources

Returns:

A dataframe of resource details

Return type:

pd.DataFrame

get_sentinel_workspaces(sub_id: str) → Dict[str, str]

Return a list of Microsoft Sentinel workspaces in a Subscription.

Parameters:

sub_id (str) – The subscription ID to get a list of workspaces from. If not provided it will attempt to get sub_id from config files.

Returns:

A dictionary of workspace names and ids

Return type:

Dict

get_subscription_info(sub_id: str) → dict

Get information on a specific subscription.

Parameters:

sub_id (str) – The ID of the subscription to return details on.

Returns:

Details on the selected subscription.

Return type:

dict

Raises:

MsticpyNotConnectedError – If .connect() has not been called.

get_subscriptions() → DataFrame

Get details of all subscriptions within the tenant.

Returns:

Details of the subscriptions present in the users tenant.

Return type:

pd.DataFrame

Raises:

MsticpyNotConnectedError – If .connect() has not been called

list_sentinel_workspaces(sub_id: str) → Dict[str, str]

Return a list of Microsoft Sentinel workspaces in a Subscription.

Parameters:

sub_id (str) – The subscription ID to get a list of workspaces from. If not provided it will attempt to get sub_id from config files.

Returns:

A dictionary of workspace names and ids

Return type:

Dict

class msticpy.context.azure.azure_data.InterfaceItems(interface_id: str | None = None, private_ip: str | None = None, private_ip_allocation: str | None = None, public_ip: str | None = None, public_ip_allocation: str | None = None, app_sec_group: List[Any] | None = None, subnet: str | None = None, subnet_nsg: Any | None = None, subnet_route_table: Any | None = None)

Bases: object

attr class to build network interface details dictionary.

Method generated by attrs for class InterfaceItems.

app_sec_group: List[Any] | None

interface_id: str | None

private_ip: str | None

private_ip_allocation: str | None

public_ip: str | None

public_ip_allocation: str | None

subnet: str | None

subnet_nsg: Any

subnet_route_table: Any

class msticpy.context.azure.azure_data.Items(resource_id: str | None = None, name: str | None = None, resource_type: str | None = None, location: str | None = None, tags: Any | None = None, plan: Any | None = None, properties: Any | None = None, kind: str | None = None, managed_by: str | None = None, sku: str | None = None, identity: str | None = None, state: Any | None = None)

Bases: object

attr class to build resource details dictionary.

Method generated by attrs for class Items.

identity: str | None

kind: str | None

location: str | None

managed_by: str | None

name: str | None

plan: Any | None

properties: Any | None

resource_id: str | None

resource_type: str | None

sku: str | None

state: Any

tags: Any | None

class msticpy.context.azure.azure_data.NsgItems(rule_name: str | None = None, description: str | None = None, protocol: str | None = None, direction: str | None = None, src_ports: str | None = None, dst_ports: str | None = None, src_addrs: str | None = None, dst_addrs: str | None = None, action: str | None = None)

Bases: object

attr class to build NSG rule dictionary.

Method generated by attrs for class NsgItems.

action: str | None

description: str | None

direction: str | None

dst_addrs: str | None

dst_ports: str | None

protocol: str | None

rule_name: str | None

src_addrs: str | None

src_ports: str | None

msticpy.context.azure.azure_data.get_api_headers(token: str) → Dict

Return authorization header with current token.

Parameters:

token (str) – Azure auth token.

Returns:

A dictionary of headers to be used in API calls.

Return type:

Dict

msticpy.context.azure.azure_data.get_token(credential: AzCredentials, tenant_id: str | None = None, cloud: str | None = None) → str

Extract token from a azure.identity object.

Parameters:

• credential (AzCredentials) – Azure OAuth credentials.

• tenant_id (str, optional) – The tenant to connect to if not the users home tenant.

• cloud (str, optional) – The Azure cloud to connect to.

Returns:

A token to be used in API calls.

Return type:

str