msticpy.context.azure.sentinel_utils module

Mixin Classes for Sentinel Utilities.

class msticpy.context.azure.sentinel_utils.SentinelInstanceDetails(subscription_id: str, resource_group: str, workspace_name: str)

Bases: object

Dataclass for Sentinel workspace details.

classmethod from_resource_id(resource_id: str) SentinelInstanceDetails

Return SentinelInstanceDetails from a resource ID.

resource_group: str
property resource_id: str | None

Return the resource ID for the workspace.

subscription_id: str
workspace_name: str
class msticpy.context.azure.sentinel_utils.SentinelUtilsMixin

Bases: object

Mixin class for Sentinel core feature integrations.

check_connected()

Check that Sentinel workspace is connected.

msticpy.context.azure.sentinel_utils.build_sentinel_resource_id(subscription_id: str, resource_group: str, workspace_name: str) str

Build a MS Sentinel resource ID.

Parameters:
  • subscription_id (str) – Subscription ID to use

  • resource_group (str) – Resource Group name to use

  • workspace_name (str) – Workspace name to user

Returns:

The formatted resource ID.

Return type:

str

msticpy.context.azure.sentinel_utils.extract_sentinel_response(items: dict, props: bool = False, **kwargs) dict

Build request data body from items.

Parameters:
  • items (dict) – A set pf items to be formated in the request body.

  • props (bool, optional) – Whether all items are to be built as properities. Default is false.

Returns:

The request body formatted for the API.

Return type:

dict

msticpy.context.azure.sentinel_utils.parse_resource_id(res_id: str) Dict[str, Any]

Extract components from workspace resource ID.

msticpy.context.azure.sentinel_utils.validate_resource_id(res_id)

Validate a Resource ID String and fix if needed.