Reading from and writing to Azure Blob AzureBlobStorage


Azure Blob Storage provides a simple and flexible way to store and access data of any kind. This makes it ideal for storing a range of data relating to security investigations, whether it be raw data to analyze or to store outputs and findings.

This class wraps the Azure Python SDK and integrates it with other MSTICpy features.

Import the module

from import AzureBlobStorage

See azure_blob_storage for API details.

Initialize the class and connect

Azure Blob Storage works on the basis of accounts, these are top level objects under which everything sits. When initializing AzureBlobStorage you need to provide the name of the account you wish to interact with. You then need to authenticate with the connect function. Authentication uses the az_connect feature of MSTICpy and the authentication methods can be customized by passing them to connect with the auth_methods keyword.

abs = AzureBlobStorage("MyABSAccount")

For more details on Azure authentication see Azure Authentication in MSTICPy.

List Containers

Containers returns details on all the containers within an account.

0papermill2020-11-06 21:53:33+00:00"0x8D8829E684FCAA2"NoneFalseNoneNoneFalseNone
1testcontainer2020-11-19 15:22:38+00:00"0x8D88C9EF3328E1F"NoneFalseNoneNoneFalseNone

See containers for API details.

Create a Container

create_container creates a new container within the account.

0MyNewContainer2020-11-25 16:28:54+00:00"0x8D8915F336764B3"NoneFalseNoneNoneFalse

See create_container for API details.

List Blobs

blobs returns details on all the blobs in a container, due to the container scope it is required that you pass this function the name of the container you want to list blobs from.

blobs = abs.blobs(container_name="MyNewContainer")
display(blobs[['name', 'container', 'snapshot', 'blob_type', 'last_modified']])
0test-blobMyNewContainerNoneBlobType.BlockBlob2020-11-25 17:26:44+00:00

See blobs for API details.

Write to a Blob

upload_to_blob writes data to a blob as specified. By default this will overwrite anything in the blob but you can set overwrite=False to stop an overwrite if the blob already has contents. The function returns True if the upload was successful.

>abs.upload_to_blob(blob="Here is some test data", container_name="MyNewContainer", blob_name="test-blob")

See upload_to_blob for API details.

Read from a Blob

get_blob returns the contents of the specified blob.

> blob_contents = abs.get_blob(container_name="MyNewContainer", blob_name="test-blob")
> print(blob_contents)
b"Here is some test data"

See get_blob for API details.

Delete a Blob

delete_blob deletes a blob. By default this will also delete any blob snapshots. Returns True if blob is successfully deleted.

>abs.delete_blob(container_name="MyNewContainer", blob_name="test-blob")

See delete_blob for API details.

Generate a SAS Token for a Blob

get_sas_token generates a SAS token for the specified blob. By default the token generated is valid for read access for 7 days but permissions can be modified with the permission keyword, and validity time-frame with the start and end keywords. The returned string is a full URI for the blob, with the SAS token appended.

>abs.get_sas_token(container_name="MyNewContainer", blob_name="test-blob")

See get_sas_token for API details.