msticpy.data.data_obfus module

Data obfuscation functions.

class msticpy.data.data_obfus.ObfuscationAccessor(pandas_obj)

Bases: object

Base64 Unpack pandas extension.

Initialize the extension.

mask(column_map: Mapping[str, Any] | None = None, use_default: bool = True) DataFrame

Obfuscate the data in columns of a pandas dataframe.

Parameters:

  • data (pd.DataFrame) – dataframe containing column to obfuscate

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

Returns:

Obfuscated dataframe

Return type:

pd.DataFrame

msticpy.data.data_obfus.check_masking(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Tuple[List[str], List[str]] | None

Check the obfuscation results for a row.

Parameters:

  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True

Returns:

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type:

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.check_obfuscation(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Tuple[List[str], List[str]] | None

Check the obfuscation results for a row.

Parameters:

  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True

Returns:

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type:

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.hash_account(account: str) str

Hash an Account to something recognizable.

Parameters:

account (str) – Account name (UPN, NT or simple name)

Returns:

Hashed Account

Return type:

str

msticpy.data.data_obfus.hash_dict(item_dict: Dict[str, Dict[str, Any] | List[Any] | str]) Dict[str, Any]

Hash dictionary values.

Parameters:

item_dict (Dict[str, Union[Dict[str, Any], List[Any], str]]) – Input item can be a Dict of strings, lists or other dictionaries.

Returns:

Dictionary with hashed values.

Return type:

Dict[str, Any]

msticpy.data.data_obfus.hash_ip(input_item: List[str] | str) List[str] | str

Hash IP address or list of IP addresses.

Parameters:

input_item (Union[List[str], str]) – List of IP addresses or single IP address.

Returns:

List of hashed addresses or single address. (depending on input)

Return type:

Union[List[str], str]

msticpy.data.data_obfus.hash_item(input_item: str, delim: str = None) str

Hash a simple string.

Parameters:

  • input_item (str) – The input string

  • delim (str, optional) – A string of delimiters to use to split the input string prior to hashing.

Returns:

The obfuscated output string

Return type:

str

msticpy.data.data_obfus.hash_list(item_list: List[str]) List[Any]

Hash list of strings.

Parameters:

item_list (List[str]) – Input list

Returns:

Hashed list

Return type:

List[Any]

msticpy.data.data_obfus.hash_sid(sid: str) str

Hash a SID preserving well-known SIDs and the RID.

Parameters:

sid (str) – SID string

Returns:

Hashed SID

Return type:

str

msticpy.data.data_obfus.hash_string(input_str: str) str

Hash a simple string.

Parameters:

input_str (str) – The input string

Returns:

The obfuscated output string

Return type:

str

msticpy.data.data_obfus.mask_df(data: DataFrame, column_map: Mapping[str, Any] | None = None, use_default: bool = True, silent: bool = True) DataFrame

Obfuscate columns of a DataFrame.

Parameters:

  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function returns progress output, by default True.

Returns:

Obfuscated dataframe.

Return type:

pd.DataFrame

msticpy.data.data_obfus.obfuscate_df(data: DataFrame, column_map: Mapping[str, Any] | None = None, use_default: bool = True, silent: bool = True) DataFrame

Obfuscate columns of a DataFrame.

Parameters:

  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function returns progress output, by default True.

Returns:

Obfuscated dataframe.

Return type:

pd.DataFrame

msticpy.data.data_obfus.replace_guid(guid: str) str

Replace GUID/UUID with mapped random UUID.

Parameters:

guid (str) – Input UUID.

Returns:

Mapped UUID

Return type:

str