msticpy.context.azure.sentinel_workspaces module

Mixin Class for Sentinel Workspaces.

class msticpy.context.azure.sentinel_workspaces.ParsedUrlComponents(domain, resource_id, tenant_name, res_components, raw_res_id)

Bases: tuple

Create new instance of ParsedUrlComponents(domain, resource_id, tenant_name, res_components, raw_res_id)

count(value, /)

Return number of occurrences of value.

domain

Alias for field number 0

index(value, start=0, stop=9223372036854775807, /)

Return first index of value.

Raises ValueError if the value is not present.

raw_res_id

Alias for field number 4

res_components

Alias for field number 3

resource_id

Alias for field number 1

tenant_name

Alias for field number 2

class msticpy.context.azure.sentinel_workspaces.SentinelWorkspacesMixin

Bases: object

Mixin class for Sentinel workspaces.

classmethod get_resource_id_from_url(portal_url: str) str

Return resource ID components from Sentinel portal URL.

classmethod get_workspace_details_from_url(portal_url: str) Dict[str, Dict[str, str]]

Return workspace settings from portal URL.

Parameters:

portal_url (str) – URL from Sentinel Azure portal

Return type:

Dict[str, Dict[str, str]]

classmethod get_workspace_id(workspace_name: str, subscription_id: str = '', resource_group: str = '') str | None

Return the workspace ID given workspace name.

Parameters:
  • workspace_name (str) – Workspace name (case insensitive)

  • subscription_id (str, optional) – Azure subscription UUID, by default “”

  • resource_group (str, optional) – Azure resource group name, by default “”

Returns:

The ID of the workspace if found, else None

Return type:

Optional[str]

classmethod get_workspace_name(workspace_id: str | None = None, resource_id: str | None = None) str | None

Return resolved name from workspace ID or resource ID.

Parameters:
  • workspace_id (Optional[str], optional) – The UUID of the Sentinel workspace, by default None

  • resource_id (Optional[str], optional) – The Resource ID string of the workspace, by default None

Returns:

The workspace name, if found, else None

Return type:

Optional[str]

Raises:

ValueError – If neither workspace_id or resource_id parameters are supplied.

classmethod get_workspace_settings(workspace_id: str | None = None, resource_id: str | None = None)

Return resolved workspace settings from workspace ID or resource ID.

Parameters:
  • workspace_id (Optional[str], optional) – The UUID of the Sentinel workspace, by default None

  • resource_id (Optional[str], optional) – The Resource ID string of the workspace, by default None

Returns:

The workspace name, if found, else None

Return type:

Dict[str, str]

Raises:

ValueError – If neither workspace_id or resource_id parameters are supplied.

classmethod get_workspace_settings_by_name(workspace_name: str, subscription_id: str = '', resource_group: str = '')

Return the workspace ID given workspace name.

Parameters:
  • workspace_name (str) – Workspace name (case insensitive)

  • subscription_id (str, optional) – Azure subscription UUID, by default “”

  • resource_group (str, optional) – Azure resource group name, by default “”

Returns:

The ID of the workspace if found, else None

Return type:

Optional[str]