msticpy.data.data_obfus module

Data obfuscation functions.

msticpy.data.data_obfus.check_masking(data, orig_data, index=0, silent=True)

Check the obfuscation results for a row.

Parameters:

  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True

Returns:

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type:

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.check_obfuscation(data, orig_data, index=0, silent=True)

Check the obfuscation results for a row.

Parameters:

  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True

Returns:

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type:

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.hash_account(account)

Hash an Account to something recognizable.

Parameters:

account (str) – Account name (UPN, NT or simple name)

Returns:

Hashed Account

Return type:

str

msticpy.data.data_obfus.hash_dict(item_dict)

Hash dictionary values.

Parameters:

item_dict (Dict[str, Union[Dict[str, Any], List[Any], str]]) – Input item can be a Dict of strings, lists or other dictionaries.

Returns:

Dictionary with hashed values.

Return type:

Dict[str, Any]

msticpy.data.data_obfus.hash_ip(input_item)

Hash IP address or list of IP addresses.

Parameters:

input_item (Union[List[str], str]) – List of IP addresses or single IP address.

Returns:

List of hashed addresses or single address. (depending on input)

Return type:

Union[List[str], str]

msticpy.data.data_obfus.hash_item(input_item, delim=None)

Hash a simple string.

Parameters:

  • input_item (str) – The input string

  • delim (str, optional) – A string of delimiters to use to split the input string prior to hashing.

Returns:

The obfuscated output string

Return type:

str

msticpy.data.data_obfus.hash_list(item_list)

Hash list of strings.

Parameters:

item_list (List[str]) – Input list

Returns:

Hashed list

Return type:

List[Any]

msticpy.data.data_obfus.hash_sid(sid)

Hash a SID preserving well-known SIDs and the RID.

Parameters:

sid (str) – SID string

Returns:

Hashed SID

Return type:

str

msticpy.data.data_obfus.hash_string(input_str)

Hash a simple string.

Parameters:

input_str (str) – The input string

Returns:

The obfuscated output string

Return type:

str

msticpy.data.data_obfus.mask_df(data, column_map=None, use_default=True, silent=True)

Obfuscate columns of a DataFrame.

Parameters:

  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function returns progress output, by default True.

Returns:

Obfuscated dataframe.

Return type:

pd.DataFrame

msticpy.data.data_obfus.obfuscate_df(data, column_map=None, use_default=True, silent=True)

Obfuscate columns of a DataFrame.

Parameters:

  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function returns progress output, by default True.

Returns:

Obfuscated dataframe.

Return type:

pd.DataFrame

msticpy.data.data_obfus.replace_guid(guid)

Replace GUID/UUID with mapped random UUID.

Parameters:

guid (str) – Input UUID.

Returns:

Mapped UUID

Return type:

str