msticpy.context.azure.sentinel_watchlists module

Mixin Classes for Sentinel Watchlist Features.

class msticpy.context.azure.sentinel_watchlists.SentinelWatchlistsMixin

Bases: object

Mixin class for Sentinel Watchlist feature integrations.

add_watchlist_item(watchlist_name: str, item: Dict | Series | DataFrame, overwrite: bool = False)

Add or update an item in a Watchlist.

Parameters:
  • watchlist_name (str) – The name of the watchlist to add items to

  • item (Union[Dict, pd.Series, pd.DataFrame]) – The item to add. This can be a dictionary of values, a Pandas Series, or a DataFrame

  • overwrite (bool, optional) – Whether to overwrite an item if it already exists in the watchlist, by default False

Raises:
  • MsticpyUserError – If the specified Watchlist does not exist.

  • MsticpyUserError – If the item already exists in the Watchlist and overwrite is set to False

  • CloudError – If the API returns an error.

create_watchlist(watchlist_name: str, description: str, search_key: str, provider: str = 'MSTICPy', source: str = 'Notebook', data: DataFrame | None = None) → str | None

Create a new watchlist.

Parameters:
  • watchlist_name (str) – The name of the watchlist you want to create. This can’t be the name of an existing watchlist.

  • description (str) – A description of the watchlist to be created.

  • search_key (str) – The search key is used to optimize query performance when using watchlists for joins with other data. This should be the key column that will be used in the watchlist when joining to other data tables.

  • provider (str, optional) – This is the label attached to the watchlist showing who created it, by default “MSTICPy”

  • source (str, optional) – The source of the data to be put in the watchlist, by default “Notebook”

  • data (pd.DataFrame, optional) – The data you want to upload to the watchlist

Returns:

The name/ID of the watchlist.

Return type:

Optional[str]

Raises:
  • MsticpyUserError – Raised if the watchlist name already exists.

  • CloudError – If there is an issue creating the watchlist.
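The documented raise behaviour of create_watchlist and add_watchlist_item can be combined into an idempotent load that reports which rows were skipped rather than silently overwriting them. This is an added example, not code from msticpy: sync_watchlist, FakeSentinel, demo and the sample rows are constructed for illustration, and the stand-in's rule that an identical row counts as a duplicate is an assumption.

```python
try:
    from msticpy.common.exceptions import MsticpyUserError
except ImportError:  # lets the demo run where msticpy is not installed
    class MsticpyUserError(Exception):
        """Local stand-in for msticpy's exception."""


def sync_watchlist(sentinel, name, description, search_key, rows, overwrite=False):
    """Create the watchlist if needed, then add rows; return (added, skipped)."""
    try:
        sentinel.create_watchlist(name, description, search_key)
    except MsticpyUserError:
        pass  # documented: raised when the watchlist name already exists
    added, skipped = [], []
    for row in rows:
        try:
            sentinel.add_watchlist_item(name, row, overwrite=overwrite)
            added.append(row)
        except MsticpyUserError:
            # documented: item already present and overwrite is False
            skipped.append(row)
    return added, skipped


class FakeSentinel:
    """Constructed in-memory stand-in mimicking the documented raise behaviour."""

    def __init__(self):
        self.lists = {}

    def create_watchlist(self, watchlist_name, description, search_key, **kwargs):
        if watchlist_name in self.lists:
            raise MsticpyUserError("watchlist exists")
        self.lists[watchlist_name] = []

    def add_watchlist_item(self, watchlist_name, item, overwrite=False):
        if watchlist_name not in self.lists:
            raise MsticpyUserError("no such watchlist")
        items = self.lists[watchlist_name]
        if item in items and not overwrite:  # assumption: identical row = duplicate
            raise MsticpyUserError("item exists")
        if item not in items:
            items.append(item)


def demo():
    rows = [{"IPAddress": "203.0.113.7", "Reason": "C2"},
            {"IPAddress": "198.51.100.9", "Reason": "scanner"}]  # constructed sample
    fake = FakeSentinel()
    first = sync_watchlist(fake, "BlockedIPs", "Known bad IPs", "IPAddress", rows)
    second = sync_watchlist(fake, "BlockedIPs", "Known bad IPs", "IPAddress", rows)
    return first, second
```

Against a live workspace, pass any connected object that exposes these mixin methods in place of FakeSentinel. CloudError is deliberately not caught, so API failures still surface to the caller.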

delete_watchlist(watchlist_name: str)

Delete a selected Watchlist.

Parameters:

watchlist_name (str) – The name of the Watchlist to delete

Raises:
  • MsticpyUserError – If Watchlist does not exist.

  • CloudError – If the API returns an error.

delete_watchlist_item(watchlist_name: str, watchlist_item_id: str)

Delete a Watchlist item.

Parameters:
  • watchlist_name (str) – The name of the watchlist with the item to be deleted

  • watchlist_item_id (str) – The watchlist item ID to delete

Raises:
  • MsticpyUserError – If the specified Watchlist does not exist.

  • CloudError – If the API returns an error.

list_watchlist_items(watchlist_name: str) → DataFrame

List items in a watchlist.

Parameters:

watchlist_name (str) – The name of the watchlist to get items from

Returns:

A DataFrame containing the watchlist items

Return type:

pd.DataFrame

Raises:

CloudError – If a valid result is not returned.

list_watchlists() → DataFrame

List Deployed Watchlists.

Returns:

A DataFrame containing the watchlists

Return type:

pd.DataFrame

Raises:

CloudError – If a valid result is not returned.