msticpy.context.azure.sentinel_dynamic_summary module
Sentinel Dynamic Summary Mixin class.
- class msticpy.context.azure.sentinel_dynamic_summary.SentinelDynamicSummaryMixin
Bases:
object
Mixin class with Sentinel Dynamic Summary integrations.
- create_dynamic_summary(summary: DynamicSummary | None = None, name: str | None = None, description: str | None = None, data: DataFrame | None = None, **kwargs) -> str | None
Create a Dynamic Summary in the Sentinel Workspace.
- Parameters:
summary (DynamicSummary) – DynamicSummary instance.
name (str) – The name of the dynamic summary to create
description (str) – Dynamic Summary description
data (pd.DataFrame) – The summary data
- Returns:
The name/ID of the dynamic summary.
- Return type:
Optional[str]
- Raises:
MsticpyAzureConnectionError – If API returns an error.
- delete_dynamic_summary(summary_id: str)
Delete the Dynamic Summary for summary_id.
- Parameters:
summary_id (str, optional) – The UUID of the summary to delete.
- Raises:
MsticpyAzureConnectionError – If the API returns an error.
- df_to_dynamic_summaries(data: DataFrame) -> List[DynamicSummary]
Return a list of DynamicSummary objects from a DataFrame of summaries.
- Parameters:
data (pd.DataFrame) – DataFrame containing dynamic summaries
- Returns:
List of Dynamic Summary objects.
- Return type:
List[DynamicSummary]
Examples
Use the following steps to obtain a list of dynamic summaries from MS Sentinel and convert them to DynamicSummary objects.
query = """
DynamicSummary
| where <some filter criteria>
| where SummaryStatus == "Active" or SummaryDataType == "SummaryItem"
"""
data = qry_prov.exec_query(query)
dyn_summaries = df_to_dynamic_summaries(data)
- df_to_dynamic_summary(data: DataFrame) -> DynamicSummary
Return a single DynamicSummary object from a DataFrame.
- Parameters:
data (pd.DataFrame) – DataFrame containing a single dynamic summary plus summary items.
- Returns:
The DynamicSummary object.
- Return type:
DynamicSummary
Examples
Use the following steps to query a single dynamic summary from MS Sentinel and convert it to a DynamicSummary object.
query = """
DynamicSummary
| where SummaryId == "26b95b5e-2645-4d33-91a7-ea3c1b8b4b8b"
| where SummaryStatus == "Active" or SummaryDataType == "SummaryItem"
"""
data = qry_prov.exec_query(query)
dyn_summaries = df_to_dynamic_summary(data)
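The following is an added example, not msticpy's own code, showing the two steps the examples above describe: building the KQL query against the DynamicSummary table with the SummaryId checked to be a UUID before it is interpolated into the query text, and grouping the returned rows into a summary header plus its summary items (the job df_to_dynamic_summaries and df_to_dynamic_summary do on a DataFrame). It uses a list of dicts in place of a DataFrame so it runs offline. The sample rows, the second SummaryId, the "Summary" data-type value, the "Disabled" status value and every column name other than SummaryId, SummaryStatus and SummaryDataType are constructed assumptions.

```python
"""Added example (not msticpy code): validated KQL query construction for the
DynamicSummary table and grouping of query rows into summary + items."""
import uuid
from typing import Any, Dict, List, Optional

# Status values assumed for SummaryStatus; the page only names "Active".
ALLOWED_STATUS = {"Active", "Disabled"}

# Constructed rows approximating the output of the query on the page.
# Column names other than SummaryId, SummaryStatus and SummaryDataType are assumptions.
SAMPLE_ROWS: List[Dict[str, Any]] = [
    {"SummaryId": "26b95b5e-2645-4d33-91a7-ea3c1b8b4b8b", "SummaryDataType": "Summary",
     "SummaryStatus": "Active", "SummaryName": "suspicious-logons"},
    {"SummaryId": "26b95b5e-2645-4d33-91a7-ea3c1b8b4b8b", "SummaryDataType": "SummaryItem",
     "SummaryStatus": "Active", "PackedContent": {"Account": "user1", "FailedLogons": 12}},
    {"SummaryId": "26b95b5e-2645-4d33-91a7-ea3c1b8b4b8b", "SummaryDataType": "SummaryItem",
     "SummaryStatus": "Active", "PackedContent": {"Account": "user2", "FailedLogons": 7}},
    {"SummaryId": "7d0f2c1a-0000-4000-8000-000000000001", "SummaryDataType": "Summary",
     "SummaryStatus": "Active", "SummaryName": "rare-processes"},
]


def build_dynamic_summary_query(summary_id: Optional[str] = None, status: str = "Active") -> str:
    """Return KQL in the shape of the page's query, validating inputs first.

    The query is assembled by string substitution, so a caller-supplied value
    containing a double quote or a pipe could change its meaning. Restricting
    summary_id to a well-formed UUID and status to a known value keeps
    untrusted text out of the query.
    """
    if status not in ALLOWED_STATUS:
        raise ValueError(f"unexpected SummaryStatus: {status!r}")
    lines = ["DynamicSummary"]
    if summary_id is not None:
        # uuid.UUID() raises ValueError for anything that is not a UUID;
        # str() of it yields the canonical lower-case hyphenated form.
        canonical = str(uuid.UUID(summary_id))
        lines.append(f'| where SummaryId == "{canonical}"')
    lines.append(f'| where SummaryStatus == "{status}" or SummaryDataType == "SummaryItem"')
    return "\n".join(lines)


def group_summaries(rows: List[Dict[str, Any]]) -> Dict[str, Dict[str, Any]]:
    """Group rows by SummaryId into {"summary": header_row, "items": [item_rows]}.

    Rows with SummaryDataType == "SummaryItem" are items; any other row is
    treated as the summary header (assumed value "Summary"). Items whose
    SummaryId has no header, or a second header for the same id, are errors
    rather than being silently dropped or overwritten.
    """
    grouped: Dict[str, Dict[str, Any]] = {}
    for row in rows:
        sid = row["SummaryId"]
        entry = grouped.setdefault(sid, {"summary": None, "items": []})
        if row.get("SummaryDataType") == "SummaryItem":
            entry["items"].append(row)
        elif entry["summary"] is not None:
            raise ValueError(f"duplicate header row for summary {sid}")
        else:
            entry["summary"] = row
    missing = [sid for sid, entry in grouped.items() if entry["summary"] is None]
    if missing:
        raise ValueError(f"items without a summary header: {missing}")
    return grouped


def single_summary(rows: List[Dict[str, Any]]) -> Dict[str, Any]:
    """Counterpart of df_to_dynamic_summary: exactly one summary expected."""
    grouped = group_summaries(rows)
    if len(grouped) != 1:
        raise ValueError(f"expected exactly one summary, got {len(grouped)}")
    return next(iter(grouped.values()))


if __name__ == "__main__":
    print(build_dynamic_summary_query("26b95b5e-2645-4d33-91a7-ea3c1b8b4b8b"))
    for sid, entry in group_summaries(SAMPLE_ROWS).items():
        print(sid, entry["summary"]["SummaryName"], len(entry["items"]), "items")
```

Whatever substitutes a caller-supplied value into the `where <some filter criteria>` slot of the page's query should apply the same discipline: validate against the narrowest type the column allows (a UUID for SummaryId, a fixed set for SummaryStatus) instead of quoting free text.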
- get_dynamic_summary(summary_id: str, summary_items=False) -> DynamicSummary
Return DynamicSummary for ID.
- Parameters:
summary_id (str) – The ID of the Dynamic summary object.
summary_items (bool, optional) – If True, use a data query to retrieve the dynamic summary along with its summary items (data records); by default False.
- Returns:
DynamicSummary object.
- Return type:
DynamicSummary
- Raises:
MsticpyAzureConnectionError – If API returns an error.
- list_dynamic_summaries() -> DataFrame
Return current list of Dynamic Summaries from a Sentinel workspace.
- Returns:
The current Dynamic Summary objects.
- Return type:
pd.DataFrame
- classmethod new_dynamic_summary(**kwargs)
Return a new DynamicSummary object.
Notes
See the DynamicSummary class documentation for details of expected parameters.
See also
DynamicSummary
- update_dynamic_summary(summary: DynamicSummary | None = None, summary_id: str | None = None, data: DataFrame | None = None, **kwargs)
Update a dynamic summary in the Sentinel Workspace.
- Parameters:
summary (DynamicSummary) – DynamicSummary instance.
summary_id (str) – The ID of the summary to update.
data (pd.DataFrame) – The summary data
name (str) – The name of the dynamic summary to create
description (str) – Dynamic Summary description
relation_name (str, optional) – The relation name, by default None
relation_id (str, optional) – The relation ID, by default None
search_key (str, optional) – Search key for the entire summary, by default None
tactics (Union[str, List[str], None], optional) – Relevant MITRE tactics, by default None
techniques (Union[str, List[str], None], optional) – Relevant MITRE techniques, by default None
source_info (str, optional) – Summary source info, by default None
summary_items (Union[pd.DataFrame, Iterable[DynamicSummaryItem], List[Dict[str, Any]]], optional) – Collection of summary items, by default None
- Returns:
The name/ID of the dynamic summary.
- Return type:
Optional[str]
- Raises:
MsticpyParameterError – If existing summary_id not supplied.
MsticpyAzureConnectionError – If API returns an error.