msticpy.context.azure.sentinel_search module
Mixin Classes for Sentinel Search Features.
- class msticpy.context.azure.sentinel_search.SentinelSearchlistsMixin
Bases:
objectMixin class for Sentinel Watchlist feature integrations.
- check_search_status(search_name: str) bool
Check the status of a search job.
- Parameters:
search_name (str) – The name of the search job to check.
- Returns:
Returns True if search is ready.
- Return type:
bool
- Raises:
CloudError – If error in checking the search job status.
- create_search(query: str, start: datetime | None = None, end: datetime | None = None, search_name: str | None = None, **kwargs)
Create a Search job.
- Parameters:
query (str) – The KQL query to run as a job.
start (datetime, optional) – The start time for the query, by default 90 days ago.
end (datetime, optional) – The end time for the query, by default now.
search_name (str, optional) – A name to apply to the search, by default a random GUID is generated.
- Raises:
CloudError – If there is an error creating the search job.
- delete_search(search_name: str)
Delete a search result.
- Parameters:
search_name (str) – The name of the search to delete.
- Raises:
CloudError – If an error occurs when attempting to delete the search