msticpy.context.azure.sentinel_bookmarks module

Mixin Classes for Sentinel Bookmark Features.

class msticpy.context.azure.sentinel_bookmarks.SentinelBookmarksMixin

Bases: object

Mixin class with Sentinel Bookmark integrations.

create_bookmark(name: str, query: str, results: Optional[str] = None, notes: Optional[str] = None, labels: Optional[List[str]] = None)

Create a bookmark in the Sentinel Workspace.

Parameters
  • name (str) – The name of the bookmark to use

  • query (str) – The KQL query for the bookmark

  • results (str, optional) – The results of the query to include with the bookmark, by default None

  • notes (str, optional) – Any notes you want associated with the bookmark, by default None

  • labels (List[str], optional) – Any labels you want associated with the bookmark, by default None

Raises

CloudError – If the API returns an error.

delete_bookmark(bookmark: str)

Delete the selected bookmark.

Parameters

bookmark (str, optional) – The name or GUID of the bookmark to delete.

Raises

CloudError – If the API returns an error.

get_bookmarks() → DataFrame

Return a list of Bookmarks from a Sentinel workspace.

Returns

A set of bookmarks.

Return type

pd.DataFrame

list_bookmarks() → DataFrame

Return a list of Bookmarks from a Sentinel workspace.

Returns

A set of bookmarks.

Return type

pd.DataFrame