msticpy.context.provider_base module

Base class for Provider classes.

Input can be a single item or a pandas DataFrame containing multiple items. Processing may require an API key, and processing performance may be limited to a specific number of requests per minute for the account type that you have.

class msticpy.context.provider_base.PivotProvider

Bases: ABC

A class which provides pivot functions and a means of registering them.

abstract register_pivots(pivot_reg: PivotRegistration, pivot: Pivot)

Register pivot functions for a Provider.

Parameters:
  • pivot_reg (PivotRegistration) – Pivot registration settings.

  • pivot (Pivot) – Pivot library instance

class msticpy.context.provider_base.Provider(**kwargs)

Bases: ABC

Abstract base class for Providers.

Initialize the provider.

classmethod is_known_type(item_type: str) → bool

Return True if this is a known IoC Type.

Parameters:

item_type (str) – IoCType string to test

Returns:

True if known type.

Return type:

bool

is_supported_type(item_type: str | IoCType) → bool

Return True if the passed type is supported.

Parameters:

item_type (Union[str, Type]) – type name or instance

Returns:

True if supported.

Return type:

bool

property item_query_defs: Dict[str, Any]

Return current dictionary of IoC query/request definitions.

Returns:

IoC query/request definitions keyed by IoCType

Return type:

Dict[str, Any]

abstract lookup_item(item: str, item_type: str | None = None, query_type: str | None = None, **kwargs) → DataFrame

Lookup from a value.

Parameters:
  • item (str) – item to lookup

  • item_type (str, optional) – The Type of the item to lookup, by default None (type will be inferred)

  • query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the item_value will be returned.

Returns:

DataFrame of results.

Return type:

pd.DataFrame

Raises:

NotImplementedError – If attempting to use an HTTP method or authentication protocol that is not supported.

Notes

Note: this method uses memoization (lru_cache) to cache results for a particular item to try to avoid repeated network calls for the same item.

lookup_items(data: DataFrame | Dict[str, str] | Iterable[str], item_col: str | None = None, item_type_col: str | None = None, query_type: str | None = None, **kwargs) → DataFrame

Lookup collection of items.

Parameters:
  • data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats: 1. Pandas dataframe (you must supply the column name in item_col parameter) 2. Dict of items 3. Iterable of items

  • item_col (str, optional) – DataFrame column to use for items, by default None

  • item_type_col (str, optional) – DataFrame column to use for types, by default None

  • query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the type will be returned.

Returns:

DataFrame of results.

Return type:

pd.DataFrame

async lookup_items_async(data: DataFrame | Dict[str, str] | Iterable[str], item_col: str | None = None, item_type_col: str | None = None, query_type: str | None = None, **kwargs) → DataFrame

Lookup collection of items.

Parameters:
  • data (Union[pd.DataFrame, Dict[str, str], Iterable[str]]) – Data input in one of three formats: 1. Pandas dataframe (you must supply the column name in item_col parameter) 2. Dict of items, Type 3. Iterable of items - Types will be inferred

  • item_col (str, optional) – DataFrame column to use for items, by default None

  • item_type_col (str, optional) – DataFrame column to use for Types, by default None

  • query_type (str, optional) – Specify the data subtype to be queried, by default None. If not specified the default record type for the item will be returned.

Returns:

DataFrame of results.

Return type:

pd.DataFrame

property name: str

Return the name of the provider.

static resolve_item_type(item: str) → str

Return Type determined by ItemExtract.

Parameters:

item (str) – Item string

Returns:

Type (or unknown if type could not be determined)

Return type:

str

property supported_types: List[str]

Return list of supported types for this provider.

Returns:

List of supported type names

Return type:

List[str]

classmethod usage()

Print usage of provider.

msticpy.context.provider_base.generate_items(data: Any, item_col: str | None = None, item_type_col: str | None = None) → Iterable[Tuple[str | None, str | None]]
msticpy.context.provider_base.generate_items(data: DataFrame, item_col: str, item_type_col: str | None = None)
msticpy.context.provider_base.generate_items(data: dict, item_col: str | None = None, item_type_col: str | None = None)

Generate item pairs from different input types.

Parameters:
  • data (Any) – DataFrame, dictionary or iterable

  • item_col (Optional[str]) – If data is a DataFrame, the column containing the item value.

  • item_type_col (Optional[str]) – If data is a DataFrame, the column containing the item type.

Return type:

Iterable[Tuple[Optional[str], Optional[str]]] - a tuple of Observable/Type.
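
The input handling documented for lookup_items and the memoization note on lookup_item, shown as an added, dependency-free sketch that is not msticpy's own code. All names here (infer_type, item_pairs, cached_lookup, lookup_all, CALLS) and the type strings are hypothetical stand-ins, and the DataFrame input form is omitted to avoid a pandas dependency.

```python
import ipaddress
import re
from functools import lru_cache
from typing import Dict, Iterable, Iterator, Optional, Tuple, Union

CALLS = []  # records each simulated network request (constructed stand-in)


def infer_type(item: str) -> str:
    """Toy type inference; a stand-in for the library's resolver."""
    try:
        return f"ipv{ipaddress.ip_address(item).version}"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]{64}", item):
        return "sha256_hash"
    if re.fullmatch(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", item, re.I):
        return "dns"
    return "unknown"


def item_pairs(data: Union[Dict[str, str], Iterable[str]]) -> Iterator[Tuple[str, Optional[str]]]:
    """Yield (item, type) pairs; type is None when it must be inferred."""
    if isinstance(data, dict):
        yield from data.items()
    else:
        for item in data:
            yield item, None


@lru_cache(maxsize=1024)
def cached_lookup(item: str, item_type: str) -> Tuple[str, str, str]:
    """Memoized lookup: a repeated (item, type) pair never reaches the 'network'."""
    CALLS.append(item)  # a real provider would issue its HTTP request here
    return item, item_type, "no-data"


def lookup_all(data) -> list:
    """Resolve the type first, then look up, so the cache key is always normalized."""
    results = []
    for item, item_type in item_pairs(data):
        item_type = item_type or infer_type(item)
        if item_type == "unknown":
            results.append((item, item_type, "unsupported"))  # costs no request
            continue
        results.append(cached_lookup(item, item_type))
    return results
```

Resolving the type before the cached call means an observable submitted once with an explicit type and once without still counts as a single request against a per-minute quota.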