msticpy.context.azure.sentinel_bookmarks module

Mixin Classes for Sentinel Bookmark Features.

class msticpy.context.azure.sentinel_bookmarks.SentinelBookmarksMixin

Bases: object

Mixin class with Sentinel Bookmark integrations.

create_bookmark(name: str, query: str, results: str | None = None, notes: str | None = None, labels: List[str] | None = None) → str | None

Create a bookmark in the Sentinel Workspace.

Parameters:
  • name (str) – The name of the bookmark to use

  • query (str) – The KQL query for the bookmark

  • results (str, optional) – The results of the query to include with the bookmark, by default None

  • notes (str, optional) – Any notes you want associated with the bookmark, by default None

  • labels (List[str], optional) – Any labels you want associated with the bookmark, by default None

Returns:

The name/ID of the bookmark.

Return type:

Optional[str]

Raises:

CloudError – If API returns an error.

delete_bookmark(bookmark: str)

Delete the selected bookmark.

Parameters:

bookmark (str, optional) – The name or GUID of the bookmark to delete.

Raises:

CloudError – If the API returns an error.

get_bookmarks() → DataFrame

Return a list of Bookmarks from a Sentinel workspace.

Returns:

A set of bookmarks.

Return type:

pd.DataFrame

list_bookmarks() → DataFrame

Return a list of Bookmarks from a Sentinel workspace.

Returns:

A set of bookmarks.

Return type:

pd.DataFrame
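
Example (added here, not part of the msticpy documentation or code base): saving a batch of hunting findings as bookmarks with create_bookmark, and removing any already created with delete_bookmark if a later call fails. The helper bookmark_findings, the StubSentinel class and SAMPLE_FINDINGS are hypothetical names constructed for this example so that it runs offline; in real use, pass any connected object that provides the methods documented above.

```python
import json
from typing import Dict, List, Optional


def bookmark_findings(sentinel, findings: List[Dict],
                      labels: Optional[List[str]] = None) -> List[str]:
    """Create one bookmark per finding; roll back all of them if any call fails."""
    created: List[str] = []
    try:
        for finding in findings:
            # `results` is typed str, so serialise the result rows to JSON text.
            results = json.dumps(finding.get("rows", []), default=str)
            bookmark_id = sentinel.create_bookmark(
                name=finding["name"],
                query=finding["query"],
                results=results,
                notes=finding.get("notes"),
                labels=labels,
            )
            if bookmark_id is None:  # documented return type is Optional[str]
                raise RuntimeError(f"no ID returned for {finding['name']!r}")
            created.append(bookmark_id)
    except Exception:
        # Also covers the documented CloudError; remove the partial batch.
        for bookmark_id in reversed(created):
            sentinel.delete_bookmark(bookmark_id)
        raise
    return created


class StubSentinel:
    """Constructed offline stand-in that mimics the documented signatures."""

    def __init__(self):
        self.store: Dict[str, Dict] = {}

    def create_bookmark(self, name, query, results=None, notes=None, labels=None):
        if not query.strip():
            raise ValueError("stub API error: empty query")
        bookmark_id = f"stub-{len(self.store) + 1}"
        self.store[bookmark_id] = {"name": name, "results": results, "labels": labels}
        return bookmark_id

    def delete_bookmark(self, bookmark):
        del self.store[bookmark]


SAMPLE_FINDINGS = [  # constructed sample data, not real query output
    {"name": "Failed sign-in burst", "query": "SigninLogs | where ResultType != 0",
     "rows": [{"UserPrincipalName": "user@example.com", "Count": 42}]},
    {"name": "Rare process", "query": "SecurityEvent | where EventID == 4688"},
]
```

Catching Exception rather than CloudError is a choice made for this example so that it has no Azure SDK dependency.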