msticpy.context.azure.sentinel_bookmarks module
Mixin Classes for Sentinel Bookmark Features.
- class msticpy.context.azure.sentinel_bookmarks.SentinelBookmarksMixin
Bases:
object
Mixin class with Sentinel Bookmark integrations.
- create_bookmark(name: str, query: str, results: str | None = None, notes: str | None = None, labels: List[str] | None = None) str | None
Create a bookmark in the Sentinel Workspace.
- Parameters:
name (str) – The name of the bookmark to use
query (str) – The KQL query for the bookmark
results (str, optional) – The results of the query to include with the bookmark, by default None
notes (str, optional) – Any notes you want associated with the bookmark, by default None
labels (List[str], optional) – Any labels you want associated with the bookmark, by default None
- Returns:
The name/ID of the bookmark.
- Return type:
Optional[str]
- Raises:
CloudError – If API returns an error.
- delete_bookmark(bookmark: str)
Delete the selected bookmark.
- Parameters:
bookmark (str, optional) – The name or GIUD of the bookmark to delete.
- Raises:
CloudError – If the API returns an error.