msticpy.context.azure.azure_data module

Uses the Azure Python SDK to collect and return details related to Azure.

class msticpy.context.azure.azure_data.AzureData(connect: bool = False, cloud: Optional[str] = None)

Bases: object

Class for returning data on an Azure tenant.

Initialize connector for Azure Python SDK.

connect(auth_methods: Optional[List] = None, tenant_id: Optional[str] = None, silent: bool = False)

Authenticate to the Azure SDK.

Parameters
  • auth_methods (List, optional) – list of preferred authentication methods to use, by default None

  • tenant_id (str, optional) – The tenant to authenticate against. If not supplied, the default tenant for the identity will be used.

  • silent (bool, optional) – Set true to prevent output during auth process, by default False

Raises

CloudError – If no valid credentials are found or if subscription client can’t be created

get_metrics(metrics: str, resource_id: str, sub_id: str, sample_time: str = 'hour', start_time: int = 30) → Dict[str, DataFrame]

Return specified metrics on Azure Resource.

Parameters
  • metrics (str) – A string list of metrics you wish to collect (https://docs.microsoft.com/en-us/azure/azure-monitor/platform/metrics-supported)

  • resource_id (str) – The resource ID of the resource to collect the metrics from

  • sub_id (str) – The subscription ID that the resource is part of

  • sample_time (str (Optional)) – Whether to collect the metrics every hour or every minute; the default is hour. Accepted inputs: ‘hour’ or ‘minute’

  • start_time (int (Optional)) – The number of days prior to today to collect metrics for, default is 30

Returns

results – A Dictionary of DataFrames containing the metrics details

Return type

dict

get_network_details(network_id: str, sub_id: str) → Tuple[DataFrame, DataFrame]

Return details related to an Azure network interface and associated NSG.

Parameters
  • network_id (str) – The ID of the network interface to return details on

  • sub_id (str) – The subscription ID that the network interface is part of

Returns

details – A dictionary of items related to the network interface

Return type

dict

get_resource_details(sub_id: str, resource_id: Optional[str] = None, resource_details: Optional[dict] = None) → dict

Return the details of a specific Azure resource.

Parameters
  • resource_id (str, optional) – The ID of the resource to get details on

  • resource_details (dict, optional) –

    If ID is unknown, provide the following details:

    - resource_group_name
    - resource_provider_namespace
    - resource_type
    - resource_name
    - parent_resource_path

  • sub_id (str) – The ID of the subscription to get resources from

Returns

resource_details – The details of the requested resource

Return type

dict
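
Added example, not part of msticpy: one way to derive sub_id and the resource_details fields listed above from a full Azure resource ID, for instance one taken from an alert. The helper name split_resource_id and the sample IDs are constructed; it assumes the standard resource-group-scoped ID layout and rejects anything else.

```python
# Added example: split an Azure resource ID into the resource_details keys
# listed above. Helper name and sample IDs are constructed for illustration.
from typing import Dict, Tuple

SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
SAMPLE_VM_ID = (f"/subscriptions/{SAMPLE_SUB}/resourceGroups/rg-prod"
                "/providers/Microsoft.Compute/virtualMachines/web01")
SAMPLE_EXT_ID = SAMPLE_VM_ID + "/extensions/monitor"


def split_resource_id(resource_id: str) -> Tuple[str, Dict[str, str]]:
    """Return (sub_id, resource_details) parsed from a full resource ID."""
    parts = [p for p in resource_id.strip().split("/") if p]
    lowered = [p.lower() for p in parts]
    scope = [lowered[i] for i in (0, 2, 4)] if len(parts) >= 8 else []
    if scope != ["subscriptions", "resourcegroups", "providers"]:
        raise ValueError(f"not a resource-group scoped resource ID: {resource_id!r}")
    if "providers" in lowered[5:]:
        raise ValueError("extension resource IDs (nested providers) are not handled")
    # Everything after the namespace is a chain of type/name pairs; the last
    # pair is the resource itself, earlier pairs form the parent path.
    type_path = parts[6:]
    if len(type_path) % 2:
        raise ValueError("expected type/name pairs after the provider namespace")
    return parts[1], {
        "resource_group_name": parts[3],
        "resource_provider_namespace": parts[5],
        "parent_resource_path": "/".join(type_path[:-2]),
        "resource_type": type_path[-2],
        "resource_name": type_path[-1],
    }
```

The returned pair can be passed as sub_id and resource_details to get_resource_details when only the component fields are wanted.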

get_resources(sub_id: str, rgroup: Optional[str] = None, get_props: bool = False) → DataFrame

Return details on all resources in a subscription or Resource Group.

Parameters
  • sub_id (str) – The subscription ID to get resources for

  • rgroup (str (Optional)) – The name of a Resource Group to get resources for

  • get_props (bool (Optional)) – Set to True if you want to get the full properties of every resource. Warning: this may be a slow process, depending on the number of resources

Returns

A dataframe of resource details

Return type

pd.DataFrame

get_sentinel_workspaces(sub_id: str) → Dict[str, str]

Return a list of Microsoft Sentinel workspaces in a Subscription.

Parameters

sub_id (str) – The subscription ID to get a list of workspaces from. If not provided it will attempt to get sub_id from config files.

Returns

A dictionary of workspace names and ids

Return type

Dict

get_subscription_info(sub_id: str) → dict

Get information on a specific subscription.

Parameters

sub_id (str) – The ID of the subscription to return details on.

Returns

Details on the selected subscription.

Return type

dict

Raises

MsticpyNotConnectedError – If .connect() has not been called.

get_subscriptions() → DataFrame

Get details of all subscriptions within the tenant.

Returns

Details of the subscriptions present in the user’s tenant.

Return type

pd.DataFrame

Raises

MsticpyNotConnectedError – If .connect() has not been called

list_sentinel_workspaces(sub_id: str) → Dict[str, str]

Return a list of Microsoft Sentinel workspaces in a Subscription.

Parameters

sub_id (str) – The subscription ID to get a list of workspaces from. If not provided it will attempt to get sub_id from config files.

Returns

A dictionary of workspace names and ids

Return type

Dict

class msticpy.context.azure.azure_data.InterfaceItems(interface_id, private_ip, private_ip_allocation, public_ip, public_ip_allocation, app_sec_group, subnet, subnet_nsg, subnet_route_table)

Bases: object

attr class to build network interface details dictionary.

Method generated by attrs for class InterfaceItems.

class msticpy.context.azure.azure_data.Items(resource_id, name, resource_type, location, tags, plan, properties, kind, managed_by, sku, identity, state)

Bases: object

attr class to build resource details dictionary.

Method generated by attrs for class Items.

class msticpy.context.azure.azure_data.NsgItems(rule_name, description, protocol, direction, src_ports, dst_ports, src_addrs, dst_addrs, action)

Bases: object

attr class to build NSG rule dictionary.

Method generated by attrs for class NsgItems.
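
Added example, not part of msticpy: a triage pass over NSG rule rows keyed by the NsgItems field names above, flagging inbound allow rules that open management ports to any source. The cell values ("Inbound", "Allow", "*", "Internet", "a-b" port ranges), the watched port set and the sample rows are assumptions constructed for illustration; a pandas DataFrame of such rows can be fed in via df.to_dict("records").

```python
# Added example: triage rows shaped like NsgItems. Field names come from the
# class above; cell values and the sample rows are constructed assumptions.
from typing import Dict, Iterable, List, Set

ANY_SOURCE = {"*", "0.0.0.0/0", "internet", "any"}
MGMT_PORTS = {22, 3389, 5985, 5986}  # assumption: ports this review watches


def _as_list(value) -> List[str]:
    """Normalise a cell that may be a scalar, a comma string or a list."""
    if value is None:
        return []
    items = value if isinstance(value, (list, tuple, set)) else str(value).split(",")
    return [str(i).strip() for i in items if str(i).strip()]


def exposed_ports(dst_ports, watch: Set[int] = MGMT_PORTS) -> Set[int]:
    """Return the watched ports covered by a rule's destination port spec."""
    hit: Set[int] = set()
    for spec in _as_list(dst_ports):
        if spec == "*":
            return set(watch)
        low, _, high = spec.partition("-")
        if low.isdigit() and (not high or high.isdigit()):
            hit |= {p for p in watch if int(low) <= p <= int(high or low)}
    return hit


def risky_inbound_rules(rules: Iterable[Dict]) -> List[Dict]:
    """Flag inbound allow rules that open watched ports to any source."""
    findings = []
    for rule in rules:
        direction = str(rule.get("direction", "")).lower()
        action = str(rule.get("action", "")).lower()
        open_src = any(s.lower() in ANY_SOURCE for s in _as_list(rule.get("src_addrs")))
        ports = exposed_ports(rule.get("dst_ports"))
        if direction == "inbound" and action == "allow" and open_src and ports:
            findings.append({"rule_name": rule.get("rule_name"), "ports": sorted(ports)})
    return findings


# Constructed sample rows (only the fields the check reads).
SAMPLE_RULES = [
    {"rule_name": "allow-ssh-any", "direction": "Inbound", "action": "Allow", "src_addrs": "*", "dst_ports": "22"},
    {"rule_name": "allow-range", "direction": "Inbound", "action": "Allow", "src_addrs": ["Internet"], "dst_ports": ["3000-4000", "443"]},
    {"rule_name": "allow-rdp-corp", "direction": "Inbound", "action": "Allow", "src_addrs": "10.0.0.0/8", "dst_ports": "3389"},
    {"rule_name": "deny-all", "direction": "Inbound", "action": "Deny", "src_addrs": "*", "dst_ports": "*"},
]
```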

msticpy.context.azure.azure_data.get_api_headers(token: str) → Dict

Return authorization header with current token.

Parameters

token (str) – Azure auth token.

Returns

A dictionary of headers to be used in API calls.

Return type

Dict

msticpy.context.azure.azure_data.get_token(credential: AzCredentials, tenant_id: Optional[str] = None, cloud: Optional[str] = None) → str

Extract token from an azure.identity object.

Parameters
  • credential (AzCredentials) – Azure OAuth credentials.

  • tenant_id (str, optional) – The tenant to connect to if not the user’s home tenant.

  • cloud (str, optional) – The Azure cloud to connect to.

Returns

A token to be used in API calls.

Return type

str