msticpy.data.data_obfus module
Data obfuscation functions.
- class msticpy.data.data_obfus.ObfuscationAccessor(pandas_obj)
Bases:
object
Base64 Unpack pandas extension.
Initialize the extension.
- mask(column_map: Mapping[str, Any] | None = None, use_default: bool = True) DataFrame
Obfuscate the data in columns of a pandas dataframe.
- Parameters:
data (pd.DataFrame) – dataframe containing column to obfuscate
column_map (Mapping[str, Any], optional) – Custom column mapping, by default None
use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)
- Returns:
Obfuscated dataframe
- Return type:
pd.DataFrame
- msticpy.data.data_obfus.check_masking(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Tuple[List[str], List[str]] | None
Check the obfuscation results for a row.
- Parameters:
data (pd.DataFrame) – Obfuscated DataFrame
orig_data (pd.DataFrame) – Original DataFrame
index (int, optional) – The row to check, by default 0
silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True
- Returns:
If silent is True returns a tuple of unchanged, changed items. If False, returns None.
- Return type:
Optional[Tuple[List[str], List[str]]]
- msticpy.data.data_obfus.check_obfuscation(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Tuple[List[str], List[str]] | None
Check the obfuscation results for a row.
- Parameters:
data (pd.DataFrame) – Obfuscated DataFrame
orig_data (pd.DataFrame) – Original DataFrame
index (int, optional) – The row to check, by default 0
silent (bool) – If False the function returns no output and returns lists of changed and unchanged columns. By default, True
- Returns:
If silent is True returns a tuple of unchanged, changed items. If False, returns None.
- Return type:
Optional[Tuple[List[str], List[str]]]
- msticpy.data.data_obfus.hash_account(account: str) str
Hash an Account to something recognizable.
- Parameters:
account (str) – Account name (UPN, NT or simple name)
- Returns:
Hashed Account
- Return type:
str
- msticpy.data.data_obfus.hash_dict(item_dict: Dict[str, Dict[str, Any] | List[Any] | str]) Dict[str, Any]
Hash dictionary values.
- Parameters:
item_dict (Dict[str, Union[Dict[str, Any], List[Any], str]]) – Input item can be a Dict of strings, lists or other dictionaries.
- Returns:
Dictionary with hashed values.
- Return type:
Dict[str, Any]
- msticpy.data.data_obfus.hash_ip(input_item: List[str] | str) List[str] | str
Hash IP address or list of IP addresses.
- Parameters:
input_item (Union[List[str], str]) – List of IP addresses or single IP address.
- Returns:
List of hashed addresses or single address. (depending on input)
- Return type:
Union[List[str], str]
- msticpy.data.data_obfus.hash_item(input_item: str, delim: str = None) str
Hash a simple string.
- Parameters:
input_item (str) – The input string
delim (str, optional) – A string of delimiters to use to split the input string prior to hashing.
- Returns:
The obfuscated output string
- Return type:
str
- msticpy.data.data_obfus.hash_list(item_list: List[str]) List[Any]
Hash list of strings.
- Parameters:
item_list (List[str]) – Input list
- Returns:
Hashed list
- Return type:
List[Any]
- msticpy.data.data_obfus.hash_sid(sid: str) str
Hash a SID preserving well-known SIDs and the RID.
- Parameters:
sid (str) – SID string
- Returns:
Hashed SID
- Return type:
str
- msticpy.data.data_obfus.hash_string(input_str: str) str
Hash a simple string.
- Parameters:
input_str (str) – The input string
- Returns:
The obfuscated output string
- Return type:
str
- msticpy.data.data_obfus.mask_df(data: DataFrame, column_map: Mapping[str, Any] | None = None, use_default: bool = True, silent: bool = True) DataFrame
Obfuscate columns of a DataFrame.
- Parameters:
data (pd.DataFrame) – Input dataframe
column_map (Mapping[str, Any], optional) – Custom column mapping, by default None
use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)
silent (bool) – If False the function returns progress output, by default True.
- Returns:
Obfuscated dataframe.
- Return type:
pd.DataFrame
- msticpy.data.data_obfus.obfuscate_df(data: DataFrame, column_map: Mapping[str, Any] | None = None, use_default: bool = True, silent: bool = True) DataFrame
Obfuscate columns of a DataFrame.
- Parameters:
data (pd.DataFrame) – Input dataframe
column_map (Mapping[str, Any], optional) – Custom column mapping, by default None
use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)
silent (bool) – If False the function returns progress output, by default True.
- Returns:
Obfuscated dataframe.
- Return type:
pd.DataFrame
- msticpy.data.data_obfus.replace_guid(guid: str) str
Replace GUID/UUID with mapped random UUID.
- Parameters:
guid (str) – Input UUID.
- Returns:
Mapped UUID
- Return type:
str