Reading from and writing to Azure Blob Storage with AzureBlobStorage
Description
Azure Blob Storage provides a simple and flexible way to store and access data of any kind. This makes it ideal for storing a range of data relating to security investigations, whether it be raw data to analyze or to store outputs and findings.
This class wraps the Azure Python SDK and integrates it with other MSTICpy features.
Import the module
from msticpy.data.storage import AzureBlobStorage
See azure_blob_storage for API details.
Initialize the class and connect
Azure Blob Storage works on the basis of accounts. These are top-level objects under which everything else sits. When initializing AzureBlobStorage you need to provide the name of the account you wish to interact with. You then need to authenticate with the connect function.
Authentication uses the az_connect feature of MSTICpy, and the authentication methods can be customized by passing them to connect with the auth_methods keyword.
abs = AzureBlobStorage("MyABSAccount")
abs.connect(auth_methods=["cli"])
For more details on Azure authentication see Azure Authentication in MSTICPy.
List Containers
containers returns details on all the containers within an account.
abs.containers()
| | name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold | metadata |
|---|---|---|---|---|---|---|---|---|---|
| 0 | papermill | 2020-11-06 21:53:33+00:00 | "0x8D8829E684FCAA2" | None | False | None | None | False | None |
| 1 | testcontainer | 2020-11-19 15:22:38+00:00 | "0x8D88C9EF3328E1F" | None | False | None | None | False | None |
See containers for API details.
Create a Container
create_container creates a new container within the account.
abs.create_container(container_name="MyNewContainer")
| | name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold |
|---|---|---|---|---|---|---|---|---|
| 0 | MyNewContainer | 2020-11-25 16:28:54+00:00 | "0x8D8915F336764B3" | None | False | None | None | False |
See create_container for API details.
List Blobs
blobs returns details on all the blobs in a container. Because blobs are scoped to a container, you must pass this function the name of the container you want to list blobs from.
blobs = abs.blobs(container_name="MyNewContainer")
display(blobs[['name', 'container', 'snapshot', 'blob_type', 'last_modified']])
| | name | container | snapshot | blob_type | last_modified |
|---|---|---|---|---|---|
| 0 | test-blob | MyNewContainer | None | BlobType.BlockBlob | 2020-11-25 17:26:44+00:00 |
See blobs for API details.
Write to a Blob
upload_to_blob writes data to a blob as specified. By default this will overwrite anything in the blob, but you can set overwrite=False to stop an overwrite if the blob already has contents.
The function returns True if the upload was successful.
> abs.upload_to_blob(blob="Here is some test data", container_name="MyNewContainer", blob_name="test-blob")
True
See upload_to_blob for API details.
Read from a Blob
get_blob returns the contents of the specified blob.
> blob_contents = abs.get_blob(container_name="MyNewContainer", blob_name="test-blob")
> print(blob_contents)
b"Here is some test data"
See get_blob for API details.
Delete a Blob
delete_blob deletes a blob. By default this will also delete any blob snapshots.
Returns True if the blob is successfully deleted.
> abs.delete_blob(container_name="MyNewContainer", blob_name="test-blob")
True
See delete_blob for API details.
Generate a SAS Token for a Blob
get_sas_token generates a SAS token for the specified blob.
By default the token generated is valid for read access for 7 days, but permissions can be modified with the permission keyword, and the validity time-frame with the start and end keywords.
The returned string is a full URI for the blob, with the SAS token appended.
> abs.get_sas_token(container_name="MyNewContainer", blob_name="test-blob")
"https://myabsaccount.blob.core.windows.net/MyNewContainer/test-blob?SASTOKENSTRING"
See get_sas_token for API details.
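A check you might run on the URI that get_sas_token returns before sharing or logging it, as an added example that is not part of MSTICPy or its documentation. It reads the standard Azure SAS query parameters (sp, st, se, spr, sig), which this page does not name; the function name audit_sas_uri, the 7-day threshold and the sample URI are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit


def _parse_time(value):
    """Parse a SAS ISO 8601 timestamp (e.g. 2020-11-25T17:30:00Z) as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sas_uri(uri, max_lifetime=timedelta(days=7), now=None):
    """Return (redacted_uri, findings) for a blob URI carrying a SAS token."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(uri)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []

    # sp = granted permissions; anything beyond "r" (read) allows changes.
    extra = set(params.get("sp", "")) - {"r"}
    if extra:
        findings.append("permissions beyond read: " + "".join(sorted(extra)))

    # se = expiry, st = optional start (token is valid immediately if absent).
    if "se" not in params:
        findings.append("no expiry (se) found")
    else:
        expiry = _parse_time(params["se"])
        start = _parse_time(params["st"]) if "st" in params else now
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - start > max_lifetime:
            findings.append("lifetime exceeds %d days" % max_lifetime.days)
    # spr = allowed protocols; "https,http" permits cleartext transport.
    if "http" in params.get("spr", "https").split(","):
        findings.append("plain HTTP allowed")
    # sig is the bearer secret: never write it to logs or notebook output.
    if "sig" in params:
        params["sig"] = "REDACTED"
    redacted = urlunsplit(parts._replace(query=urlencode(params, safe=":,")))
    return redacted, findings


# Constructed sample: not a real account, token or signature.
SAMPLE_URI = (
    "https://myabsaccount.blob.core.windows.net/MyNewContainer/test-blob"
    "?sv=2020-02-10&st=2020-11-25T17:30:00Z&se=2020-12-25T17:30:00Z"
    "&sr=b&sp=rw&spr=https,http&sig=Q09OU1RSVUNURURfU0lH"
)
```

Anyone holding the full URI can use the blob until the expiry passes, so log or display only the redacted form and act on any findings before sharing the link.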