Reading from and writing to Azure Blob AzureBlobStorage
Description
Azure Blob Storage provides a simple and flexible way to store and access data of any kind. This makes it ideal for storing a range of data relating to security investigations, whether it be raw data to analyze or to store outputs and findings.
This class wraps the Azure Python SDK and integrates it with other MSTICpy features.
Import the module
from msticpy.data.storage import AzureBlobStorage
See azure_blob_storage for API details.
Initialize the class and connect
Azure Blob Storage works on the basis of accounts, these are top level
objects under which everything sits. When initializing AzureBlobStorage
you need to provide the name of the account you wish to interact with.
You then need to authenticate with the connect function.
Authentication uses the az_connect feature of
MSTICpy and the authentication methods can be customized by passing them
to connect with the auth_methods keyword.
abs = AzureBlobStorage("MyABSAccount")
abs.connect(auth_methods=["cli"])
For more details on Azure authentication see Azure Authentication in MSTICPy.
List Containers
Containers returns details on all the containers within an account.
abs.containers()
| name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold | metadata | |
|---|---|---|---|---|---|---|---|---|---|
| 0 | papermill | 2020-11-06 21:53:33+00:00 | "0x8D8829E684FCAA2" | None | False | None | None | False | None |
| 1 | testcontainer | 2020-11-19 15:22:38+00:00 | "0x8D88C9EF3328E1F" | None | False | None | None | False | None |
See containers for API details.
Create a Container
create_container creates a new container within the account.
abs.create_container(conatiner_name="MyNewContainer")
| name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold | |
|---|---|---|---|---|---|---|---|---|
| 0 | MyNewContainer | 2020-11-25 16:28:54+00:00 | "0x8D8915F336764B3" | None | False | None | None | False |
See create_container for API details.
List Blobs
blobs returns details on all the blobs in a container, due to the container scope it is required that you pass this function
the name of the container you want to list blobs from.
blobs = abs.blobs(container_name="MyNewContainer")
display(blobs[['name', 'container', 'snapshot', 'blob_type', 'last_modified']])
| name | container | snapshot | blob_type | last_modified | |
|---|---|---|---|---|---|
| 0 | test-blob | MyNewContainer | None | BlobType.BlockBlob | 2020-11-25 17:26:44+00:00 |
See blobs for API details.
Write to a Blob
upload_to_blob writes data to a blob as specified. By default this will overwrite anything in the blob
but you can set overwrite=False to stop an overwrite if the blob already has contents.
The function returns True if the upload was successful.
>abs.upload_to_blob(blob="Here is some test data", container_name="MyNewContainer", blob_name="test-blob")
True
See upload_to_blob for API details.
Read from a Blob
get_blob returns the contents of the specified blob.
> blob_contents = abs.get_blob(container_name="MyNewContainer", blob_name="test-blob")
> print(blob_contents)
b"Here is some test data"
See get_blob for API details.
Delete a Blob
delete_blob deletes a blob. By default this will also delete any blob snapshots.
Returns True if blob is successfully deleted.
>abs.delete_blob(container_name="MyNewContainer", blob_name="test-blob")
True
See delete_blob for API details.
Generate a SAS Token for a Blob
get_sas_token generates a SAS token for the specified blob.
By default the token generated is valid for read access for 7 days but permissions can be modified with the
permission keyword, and validity time-frame with the start and end keywords.
The returned string is a full URI for the blob, with the SAS token appended.
>abs.get_sas_token(container_name="MyNewContainer", blob_name="test-blob")
"https://myabsaccount.blob.core.windows.net/MyNewContainer/test-blob?SASTOKENSTRING
See get_sas_token for API details.