msticpy.context.azure.sentinel_watchlists module

Mixin Classes for Sentinel Watchlist Features.

class msticpy.context.azure.sentinel_watchlists.SentinelWatchlistsMixin

Bases: object

Mixin class for Sentinel Watchlist feature integrations.

add_watchlist_item(watchlist_name: str, item: Union[Dict, Series, DataFrame], overwrite: bool = False)

Add or update an item in a Watchlist.

Parameters
  • watchlist_name (str) – The name of the watchlist to add items to

  • item (Union[Dict, pd.Series, pd.DataFrame]) – The item to add. This can be a dictionary of values, a Pandas Series, or a DataFrame

  • overwrite (bool, optional) – Whether you want to overwrite an item if it already exists in the watchlist, by default False

Raises
  • MsticpyUserError – If the specified Watchlist does not exist.

  • MsticpyUserError – If the item already exists in the Watchlist and overwrite is set to False

  • CloudError – If the API returns an error.

create_watchlist(watchlist_name: str, description: str, search_key: str, provider: str = 'MSTICPy', source: str = 'Notebook', data: Optional[DataFrame] = None)

Create a new watchlist.

Parameters
  • watchlist_name (str) – The name of the watchlist you want to create. This can’t be the name of an existing watchlist.

  • description (str) – A description of the watchlist to be created.

  • search_key (str) – The search key is used to optimize query performance when using watchlists for joins with other data. This should be the key column that will be used in the watchlist when joining to other data tables.

  • provider (str, optional) – This is the label attached to the watchlist showing who created it, by default “MSTICPy”

  • source (str, optional) – The source of the data to be put in the watchlist, by default “Notebook”

  • data (pd.DataFrame, optional) – The data you want to upload to the watchlist

Raises
  • MsticpyUserError – Raised if the watchlist name already exists.

  • CloudError – If there is an issue creating the watchlist.
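The documented MsticpyUserError cases for create_watchlist and add_watchlist_item can be used to make a notebook upload safe to re-run. The following is an added example, not code from msticpy: `sync_watchlist`, `FakeSentinel`, the watchlist name and the indicator values are constructed for illustration, and the stand-in treats an item as existing only when an identical dictionary is already stored, which is an assumption about the real check.

```python
try:  # real exception class when msticpy is installed
    from msticpy.common.exceptions import MsticpyUserError
except ImportError:  # stand-in so the example still runs offline
    class MsticpyUserError(Exception):
        pass


def sync_watchlist(sentinel, name, items, search_key, description):
    """Create `name` if needed, then add items without overwriting existing ones."""
    try:
        sentinel.create_watchlist(name, description, search_key)
        created = True
    except MsticpyUserError:  # documented: the watchlist name already exists
        created = False
    added, skipped = 0, []
    for item in items:
        try:
            sentinel.add_watchlist_item(name, item, overwrite=False)
            added += 1
        except MsticpyUserError:  # documented: item exists and overwrite is False
            skipped.append(item[search_key])
    return {"created": created, "added": added, "skipped": skipped}


class FakeSentinel:
    """Constructed in-memory stand-in that raises the documented errors."""

    def __init__(self):
        self.lists = {}

    def create_watchlist(self, watchlist_name, description, search_key, **kwargs):
        if watchlist_name in self.lists:
            raise MsticpyUserError("Watchlist already exists")
        self.lists[watchlist_name] = []

    def add_watchlist_item(self, watchlist_name, item, overwrite=False):
        if watchlist_name not in self.lists:
            raise MsticpyUserError("Watchlist does not exist")
        if item in self.lists[watchlist_name] and not overwrite:
            raise MsticpyUserError("Item already exists")
        self.lists[watchlist_name].append(item)


def demo():
    # Constructed sample indicators (documentation-range addresses)
    iocs = [{"IPAddress": "203.0.113.7", "Note": "triage-1"},
            {"IPAddress": "198.51.100.23", "Note": "triage-2"}]
    client = FakeSentinel()
    args = ("TriageIPs", iocs, "IPAddress", "Notebook triage IPs")
    return sync_watchlist(client, *args), sync_watchlist(client, *args)
```

Keeping overwrite=False and reporting the skipped keys means a second run never silently replaces entries that were edited in the watchlist after the first upload.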

delete_watchlist(watchlist_name: str)

Delete a selected Watchlist.

Parameters

watchlist_name (str) – The name of the Watchlist to delete

Raises
  • MsticpyUserError – If Watchlist does not exist.

  • CloudError – If the API returns an error.

list_watchlist_items(watchlist_name: str) → DataFrame

List items in a watchlist.

Parameters

watchlist_name (str) – The name of the watchlist to get items from

Returns

A DataFrame containing the watchlist items

Return type

pd.DataFrame

Raises

CloudError – If a valid result is not returned.

list_watchlists() → DataFrame

List Deployed Watchlists.

Returns

A DataFrame containing the watchlists

Return type

pd.DataFrame

Raises

CloudError – If a valid result is not returned.