msticpy.context.azure.sentinel_incidents module
Mixin Classes for Sentinel Incident Features.
- class msticpy.context.azure.sentinel_incidents.SentinelIncidentsMixin
Bases: object
Mixin class for Sentinel Incidents feature integrations.
- create_incident(title: str, severity: str, status: str = 'New', description: Optional[str] = None, first_activity_time: Optional[datetime] = None, last_activity_time: Optional[datetime] = None, labels: Optional[List] = None, bookmarks: Optional[List] = None)
Create a Sentinel Incident.
- Parameters
title (str) – The title of the incident to create
severity (str) – The severity to assign the incident. Options are: Informational, Low, Medium, High
status (str, optional) – The status to assign the incident, by default “New”. Options are: New, Active, Closed
description (str, optional) – A description of the incident, by default None
first_activity_time (datetime, optional) – The start time of the incident activity, by default None
last_activity_time (datetime, optional) – The end time of the incident activity, by default None
labels (List, optional) – Any labels to apply to the incident, by default None
bookmarks (List, optional) – A list of bookmark GUIDs to associate with the incident, by default None
- Raises
CloudError – If the API returns an error
- get_incident(incident: str, entities: bool = False, alerts: bool = False, comments: bool = False, bookmarks: bool = False) → DataFrame
Get details on a specific incident.
- Parameters
incident (str) – Incident ID GUID.
entities (bool, optional) – If True include all entities in the response. Default is False.
alerts (bool, optional) – If True include all alerts in the response. Default is False.
comments (bool, optional) – If True include all comments in the response. Default is False.
bookmarks (bool, optional) – If True include all bookmarks in the response. Default is False.
- Returns
Table containing incident details.
- Return type
pd.DataFrame
- Raises
CloudError – If incident could not be retrieved.
- get_incidents() → DataFrame
Get a list of incidents for a Sentinel workspace.
- Returns
A table of incidents.
- Return type
pd.DataFrame
- Raises
CloudError – If incidents could not be retrieved.
- list_incidents() → DataFrame
Get a list of incidents for a Sentinel workspace (alias of get_incidents).
- Returns
A table of incidents.
- Return type
pd.DataFrame
- Raises
CloudError – If incidents could not be retrieved.
- update_incident(incident_id: str, update_items: dict)
Update properties of an incident.
- Parameters
incident_id (str) – Incident ID GUID.
update_items (dict) – Dictionary of properties to update and their values. See https://docs.microsoft.com/rest/api/securityinsights/stable/incidents/create-or-update
- Raises
CloudError – If incident could not be updated.
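An added example, not part of msticpy or of this page, showing how a triage routine would drive the methods above: it validates update values against the documented severity and status options, selects rows from the list_incidents() result and issues update_incident() calls. The `RecordingClient` stand-in, the 'properties.severity' / 'properties.status' / 'name' row keys, and the bare-property-name shape of `update_items` are assumptions made so the block runs offline.

```python
from typing import Any, Dict, List, Mapping, Optional

# Option sets documented for create_incident / update_incident on this page.
VALID_SEVERITIES = ("Informational", "Low", "Medium", "High")
VALID_STATUSES = ("New", "Active", "Closed")

def build_update_items(status: Optional[str] = None,
                       severity: Optional[str] = None) -> Dict[str, Any]:
    """Validate against the documented options and return an update_items dict.
    Assumption: update_items keys are bare REST property names such as "status"."""
    items: Dict[str, Any] = {}
    if status is not None:
        if status not in VALID_STATUSES:
            raise ValueError(f"status must be one of {VALID_STATUSES}, got {status!r}")
        items["status"] = status
    if severity is not None:
        if severity not in VALID_SEVERITIES:
            raise ValueError(f"severity must be one of {VALID_SEVERITIES}, got {severity!r}")
        items["severity"] = severity
    if not items:
        raise ValueError("nothing to update")
    return items

def _records(table: Any) -> List[Mapping[str, Any]]:
    """Accept the DataFrame from list_incidents() or a plain list of row dicts."""
    return table.to_dict("records") if hasattr(table, "to_dict") else list(table)

def escalate_new_high(client: Any, dry_run: bool = False) -> List[str]:
    """Set status 'Active' on every incident still 'New' at severity 'High'.
    `client` is anything exposing list_incidents() and update_incident(), e.g. a
    MicrosoftSentinel instance (assumption). Row keys 'properties.severity',
    'properties.status' and 'name' (incident GUID) are assumed. Returns the GUIDs
    that were (or, with dry_run=True, would be) updated."""
    touched: List[str] = []
    for row in _records(client.list_incidents()):
        if row.get("properties.severity") != "High" or row.get("properties.status") != "New":
            continue
        if not dry_run:
            client.update_incident(row["name"], build_update_items(status="Active"))
        touched.append(row["name"])
    return touched

class RecordingClient:
    """Constructed offline stand-in for a Sentinel client; records the updates made."""
    def __init__(self, rows: List[Dict[str, Any]]) -> None:
        self.rows, self.updates = rows, []
    def list_incidents(self) -> List[Dict[str, Any]]:
        return self.rows
    def update_incident(self, incident_id: str, update_items: dict) -> None:
        self.updates.append((incident_id, update_items))
```

Run with `dry_run=True` first to review which GUIDs would change before any update_incident() call is made against a live workspace.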