msticpy.datamodel.entities package
Entity sub-package.
- class msticpy.datamodel.entities.Ip(src_entity: Mapping[str, Any] | None = None, src_event: Mapping[str, Any] | None = None, **kwargs)
Bases:
IpAddress
Alias for IpAddress.
Create a new instance of the entity type.
- Parameters:
src_entity (Mapping[str, Any], optional) – Create entity from existing entity or other mapping object that implements entity properties. (the default is None)
src_event (Mapping[str, Any], optional) – Create entity from event properties (the default is None)
kwargs (Dict[str, Any]) – Supply the entity properties as a set of kw arguments.
- ENTITY_NAME_MAP: Dict[str, type] = {'ServicePrincipal': <class 'msticpy.datamodel.entities.service_principal.ServicePrincipal'>, 'SubmissionMail': <class 'msticpy.datamodel.entities.submission_mail.SubmissionMail'>, 'account': <class 'msticpy.datamodel.entities.account.Account'>, 'alert': <class 'msticpy.datamodel.entities.alert.Alert'>, 'alerts': <class 'msticpy.datamodel.entities.alert.Alert'>, 'azure-resource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'azureresource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'cloud-application': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloud-logon-session': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'cloudapplication': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloudlogonsession': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'dns': <class 'msticpy.datamodel.entities.dns.Dns'>, 'dnsresolve': <class 'msticpy.datamodel.entities.dns.Dns'>, 'file': <class 'msticpy.datamodel.entities.file.File'>, 'filehash': <class 'msticpy.datamodel.entities.file_hash.FileHash'>, 'geolocation': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'host': <class 'msticpy.datamodel.entities.host.Host'>, 'host-logon-session': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'hostlogonsession': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'incident': <class 'msticpy.datamodel.soc.incident.Incident'>, 'iotdevice': <class 'msticpy.datamodel.entities.iot_device.IoTDevice'>, 'ip': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'ipaddress': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'location': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'machine': <class 'msticpy.datamodel.entities.Machine'>, 'mail-cluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mail-message': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'mailbox': <class 'msticpy.datamodel.entities.mailbox.Mailbox'>, 'mailboxconfiguration': <class 'msticpy.datamodel.entities.mailbox_configuration.MailboxConfiguration'>, 'mailcluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mailmessage': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'malware': <class 'msticpy.datamodel.entities.malware.Malware'>, 'network-connection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'networkconnection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'oauthapplication': <class 'msticpy.datamodel.entities.oauth_application.OAuthApplication'>, 'process': <class 'msticpy.datamodel.entities.process.Process'>, 'registry-key': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registry-value': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'registrykey': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registryvalue': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'security-group': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'securitygroup': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'threatintelligence': <class 'msticpy.datamodel.entities.threat_intelligence.Threatintelligence'>, 'unknown': <class 'msticpy.datamodel.entities.unknown_entity.UnknownEntity'>, 'url': <class 'msticpy.datamodel.entities.url.Url'>, 'user': <class 'msticpy.datamodel.entities.User'>}
- ID_PROPERTIES: List[str] = ['Address']
- JSONEncoder
alias of
_EntityJSONEncoder
- add_edge(target: Node, edge_attrs: Dict[str, Any] | None = None)
Add an edge between self and target.
- Parameters:
target (Node) – Target node.
edge_attrs (Optional[Dict[str, Any]], optional) – Attributes to assign to new edge, by default None
- can_merge(other: Any) bool
Return True if the entities can be merged.
- Parameters:
other (Any) – The other entity (object) to check
- Returns:
True if other has no conflicting properties.
- Return type:
bool
- classmethod create(src_entity: Mapping[str, Any] | None = None, **kwargs) Entity
Create an entity from a mapping type (e.g. pd.Series) or dict or kwargs.
- Returns:
Instantiated entity
- Return type:
Notes
The entity type should be specified as “Type”, in either a key of src_entity or as a keyword argument.
- classmethod del_pivot_shortcut(func_name: str)
Remove a pivot shortcut.
- Parameters:
func_name (str) – The name of the shortcut function.
- Raises:
AttributeError – The class does not have an attribute func_name
TypeError – The attribute to delete is not a pivot shortcut.
- property description_str: str
Return Entity Description.
- classmethod get_pivot_list(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- has_edge(other)
Return True if node has an edge with other.
- classmethod instantiate_entity(raw_entity: Mapping[str, Any], entity_type: Type | None = None) Entity | Mapping[str, Any]
Class factory to return entity from raw dictionary representation.
- Parameters:
raw_entity (Mapping[str, Any]) – A mapping object (e.g. dictionary or pandas Series) that contains the properties of the entity.
entity_type (Optional[Type]) – The entity type to create, by default None.
- Returns:
The instantiated entity
- Return type:
- property ip_address: IPv4Address | IPv6Address | None
Return a python IP address object from the entity property.
- is_equivalent(other: Any) bool
Return True if the entities are equivalent.
- Parameters:
other (Any) – The entity to check
- Returns:
True if equivalent.
- Return type:
bool
Notes
This method checks that the compared entities do not have any property values with conflicting values. E.g. self.A == other.A self.B == “xyz” and other.B == None self.C == [] and other.C == [1, 2, 3]
- list_pivot_funcs()
Print list of pivot functions assigned to entity.
- classmethod make_pivot_shortcut(func_name: str, target: str, overwrite: bool = False)
Add a shortcut to a pivot function to the class.
- Parameters:
func_name (str) – The name of source pivot function.
target (str) – The shortcut name (this will be a member function of the class)
overwrite (bool, optional) – Force overwrite an existing pivot function, by default False
- Raises:
AttributeError – The source function does not exist
TypeError – The source function is not a pivot function.
TypeError – The target attribute exists and is not a pivot function
AttributeError – The target function exists and ‘overwrite=True’ was not specified.
- merge(other: Any) Entity
Merge with other entity to create new entity.
- Returns:
Merged entity.
- Return type:
- Raises:
AttributeError – If the entities cannot be merged.
- property name_str: str
Return Entity Name.
- property node_properties: Dict[str, Any]
Return all public properties that are not entities.
- Returns:
Dictionary of name, value properties.
- Return type:
Dict[str, Any]
- classmethod pivots(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- property properties: dict
Return dictionary properties of entity.
- Returns:
Entity properties.
- Return type:
dict
- to_html() str
Return HTML representation of entity.
- Returns:
HTML representation of entity
- Return type:
str
- to_json()
Return object as a JSON string.
- to_networkx(graph: networkx.Graph | None = None) networkx.Graph
Return networkx graph of entities.
- Parameters:
graph (nx.Graph, optional) – Graph to add entities to. If not supplied the function creates and returns a new graph. By default None
- Returns:
Graph with entity and any connected entities.
- Return type:
nx.Graph
- class msticpy.datamodel.entities.Machine(src_entity: Mapping[str, Any] | None = None, src_event: Mapping[str, Any] | None = None, **kwargs)
Bases:
Host
Alias for Host.
Create a new instance of the entity type.
- Parameters:
src_entity (Mapping[str, Any], optional) – Create entity from existing entity or other mapping object that implements entity properties. (the default is None)
src_event (Mapping[str, Any], optional) – Create entity from event properties (the default is None)
kwargs (Dict[str, Any]) – Supply the entity properties as a set of kw arguments.
- DeviceName = None
- ENTITY_NAME_MAP: Dict[str, type] = {'ServicePrincipal': <class 'msticpy.datamodel.entities.service_principal.ServicePrincipal'>, 'SubmissionMail': <class 'msticpy.datamodel.entities.submission_mail.SubmissionMail'>, 'account': <class 'msticpy.datamodel.entities.account.Account'>, 'alert': <class 'msticpy.datamodel.entities.alert.Alert'>, 'alerts': <class 'msticpy.datamodel.entities.alert.Alert'>, 'azure-resource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'azureresource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'cloud-application': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloud-logon-session': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'cloudapplication': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloudlogonsession': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'dns': <class 'msticpy.datamodel.entities.dns.Dns'>, 'dnsresolve': <class 'msticpy.datamodel.entities.dns.Dns'>, 'file': <class 'msticpy.datamodel.entities.file.File'>, 'filehash': <class 'msticpy.datamodel.entities.file_hash.FileHash'>, 'geolocation': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'host': <class 'msticpy.datamodel.entities.host.Host'>, 'host-logon-session': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'hostlogonsession': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'incident': <class 'msticpy.datamodel.soc.incident.Incident'>, 'iotdevice': <class 'msticpy.datamodel.entities.iot_device.IoTDevice'>, 'ip': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'ipaddress': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'location': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'machine': <class 'msticpy.datamodel.entities.Machine'>, 'mail-cluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mail-message': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'mailbox': <class 'msticpy.datamodel.entities.mailbox.Mailbox'>, 'mailboxconfiguration': <class 'msticpy.datamodel.entities.mailbox_configuration.MailboxConfiguration'>, 'mailcluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mailmessage': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'malware': <class 'msticpy.datamodel.entities.malware.Malware'>, 'network-connection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'networkconnection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'oauthapplication': <class 'msticpy.datamodel.entities.oauth_application.OAuthApplication'>, 'process': <class 'msticpy.datamodel.entities.process.Process'>, 'registry-key': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registry-value': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'registrykey': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registryvalue': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'security-group': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'securitygroup': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'threatintelligence': <class 'msticpy.datamodel.entities.threat_intelligence.Threatintelligence'>, 'unknown': <class 'msticpy.datamodel.entities.unknown_entity.UnknownEntity'>, 'url': <class 'msticpy.datamodel.entities.url.Url'>, 'user': <class 'msticpy.datamodel.entities.User'>}
- property FullName: str | None
Return the full name of the host - either FQDN or Netbiosname.
- ID_PROPERTIES: List[str] = ['fqdn', 'AzureID', 'OMSAgentID', 'DeviceId']
- JSONEncoder
alias of
_EntityJSONEncoder
- add_edge(target: Node, edge_attrs: Dict[str, Any] | None = None)
Add an edge between self and target.
- Parameters:
target (Node) – Target node.
edge_attrs (Optional[Dict[str, Any]], optional) – Attributes to assign to new edge, by default None
- can_merge(other: Any) bool
Return True if the entities can be merged.
- Parameters:
other (Any) – The other entity (object) to check
- Returns:
True if other has no conflicting properties.
- Return type:
bool
- property computer: str | None
Return computer from source event.
- classmethod create(src_entity: Mapping[str, Any] | None = None, **kwargs) Entity
Create an entity from a mapping type (e.g. pd.Series) or dict or kwargs.
- Returns:
Instantiated entity
- Return type:
Notes
The entity type should be specified as “Type”, in either a key of src_entity or as a keyword argument.
- classmethod del_pivot_shortcut(func_name: str)
Remove a pivot shortcut.
- Parameters:
func_name (str) – The name of the shortcut function.
- Raises:
AttributeError – The class does not have an attribute func_name
TypeError – The attribute to delete is not a pivot shortcut.
- property description_str: str
Return Entity Description.
- property fqdn: str | None
Construct FQDN from host + dns.
- classmethod get_pivot_list(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- has_edge(other)
Return True if node has an edge with other.
- classmethod instantiate_entity(raw_entity: Mapping[str, Any], entity_type: Type | None = None) Entity | Mapping[str, Any]
Class factory to return entity from raw dictionary representation.
- Parameters:
raw_entity (Mapping[str, Any]) – A mapping object (e.g. dictionary or pandas Series) that contains the properties of the entity.
entity_type (Optional[Type]) – The entity type to create, by default None.
- Returns:
The instantiated entity
- Return type:
- is_equivalent(other: Any) bool
Return True if the entities are equivalent.
- Parameters:
other (Any) – The entity to check
- Returns:
True if equivalent.
- Return type:
bool
Notes
This method checks that the compared entities do not have any property values with conflicting values. E.g. self.A == other.A self.B == “xyz” and other.B == None self.C == [] and other.C == [1, 2, 3]
- list_pivot_funcs()
Print list of pivot functions assigned to entity.
- classmethod make_pivot_shortcut(func_name: str, target: str, overwrite: bool = False)
Add a shortcut to a pivot function to the class.
- Parameters:
func_name (str) – The name of source pivot function.
target (str) – The shortcut name (this will be a member function of the class)
overwrite (bool, optional) – Force overwrite an existing pivot function, by default False
- Raises:
AttributeError – The source function does not exist
TypeError – The source function is not a pivot function.
TypeError – The target attribute exists and is not a pivot function
AttributeError – The target function exists and ‘overwrite=True’ was not specified.
- merge(other: Any) Entity
Merge with other entity to create new entity.
- Returns:
Merged entity.
- Return type:
- Raises:
AttributeError – If the entities cannot be merged.
- property name_str: str
Return Entity Name.
- property node_properties: Dict[str, Any]
Return all public properties that are not entities.
- Returns:
Dictionary of name, value properties.
- Return type:
Dict[str, Any]
- classmethod pivots(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- property properties: dict
Return dictionary properties of entity.
- Returns:
Entity properties.
- Return type:
dict
- to_html() str
Return HTML representation of entity.
- Returns:
HTML representation of entity
- Return type:
str
- to_json()
Return object as a JSON string.
- to_networkx(graph: networkx.Graph | None = None) networkx.Graph
Return networkx graph of entities.
- Parameters:
graph (nx.Graph, optional) – Graph to add entities to. If not supplied the function creates and returns a new graph. By default None
- Returns:
Graph with entity and any connected entities.
- Return type:
nx.Graph
- class msticpy.datamodel.entities.User(src_entity: Mapping[str, Any] | None = None, src_event: Mapping[str, Any] | None = None, role: str = 'subject', **kwargs)
Bases:
Account
Alias for Account.
Create a new instance of the entity type.
- Parameters:
src_entity (Mapping[str, Any], optional) – Create entity from existing Account entity or other mapping object that implements entity properties. (the default is None)
src_event (Mapping[str, Any], optional) – Create entity from event properties (the default is None)
role (str, optional) – ‘subject’ or ‘target’ - only relevant if the entity is being constructed from an event. (the default is ‘subject’)
kwargs (Dict[str, Any]) – Supply the entity properties as a set of kw arguments.
- property AadUserId: str | None
Return the Azure AD user ID or the ObjectGuid.
- ENTITY_NAME_MAP: Dict[str, type] = {'ServicePrincipal': <class 'msticpy.datamodel.entities.service_principal.ServicePrincipal'>, 'SubmissionMail': <class 'msticpy.datamodel.entities.submission_mail.SubmissionMail'>, 'account': <class 'msticpy.datamodel.entities.account.Account'>, 'alert': <class 'msticpy.datamodel.entities.alert.Alert'>, 'alerts': <class 'msticpy.datamodel.entities.alert.Alert'>, 'azure-resource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'azureresource': <class 'msticpy.datamodel.entities.azure_resource.AzureResource'>, 'cloud-application': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloud-logon-session': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'cloudapplication': <class 'msticpy.datamodel.entities.cloud_application.CloudApplication'>, 'cloudlogonsession': <class 'msticpy.datamodel.entities.cloud_logon_session.CloudLogonSession'>, 'dns': <class 'msticpy.datamodel.entities.dns.Dns'>, 'dnsresolve': <class 'msticpy.datamodel.entities.dns.Dns'>, 'file': <class 'msticpy.datamodel.entities.file.File'>, 'filehash': <class 'msticpy.datamodel.entities.file_hash.FileHash'>, 'geolocation': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'host': <class 'msticpy.datamodel.entities.host.Host'>, 'host-logon-session': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'hostlogonsession': <class 'msticpy.datamodel.entities.host_logon_session.HostLogonSession'>, 'incident': <class 'msticpy.datamodel.soc.incident.Incident'>, 'iotdevice': <class 'msticpy.datamodel.entities.iot_device.IoTDevice'>, 'ip': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'ipaddress': <class 'msticpy.datamodel.entities.ip_address.IpAddress'>, 'location': <class 'msticpy.datamodel.entities.geo_location.GeoLocation'>, 'machine': <class 'msticpy.datamodel.entities.Machine'>, 'mail-cluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mail-message': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'mailbox': <class 'msticpy.datamodel.entities.mailbox.Mailbox'>, 'mailboxconfiguration': <class 'msticpy.datamodel.entities.mailbox_configuration.MailboxConfiguration'>, 'mailcluster': <class 'msticpy.datamodel.entities.mail_cluster.MailCluster'>, 'mailmessage': <class 'msticpy.datamodel.entities.mail_message.MailMessage'>, 'malware': <class 'msticpy.datamodel.entities.malware.Malware'>, 'network-connection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'networkconnection': <class 'msticpy.datamodel.entities.network_connection.NetworkConnection'>, 'oauthapplication': <class 'msticpy.datamodel.entities.oauth_application.OAuthApplication'>, 'process': <class 'msticpy.datamodel.entities.process.Process'>, 'registry-key': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registry-value': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'registrykey': <class 'msticpy.datamodel.entities.registry_key.RegistryKey'>, 'registryvalue': <class 'msticpy.datamodel.entities.registry_value.RegistryValue'>, 'security-group': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'securitygroup': <class 'msticpy.datamodel.entities.security_group.SecurityGroup'>, 'threatintelligence': <class 'msticpy.datamodel.entities.threat_intelligence.Threatintelligence'>, 'unknown': <class 'msticpy.datamodel.entities.unknown_entity.UnknownEntity'>, 'url': <class 'msticpy.datamodel.entities.url.Url'>, 'user': <class 'msticpy.datamodel.entities.User'>}
- ID_PROPERTIES: List[str] = ['QualifiedName', 'Sid', 'AadUserId', 'PUID', 'ObjectGuid']
- JSONEncoder
alias of
_EntityJSONEncoder
- UPN = None
- Upn = None
- add_edge(target: Node, edge_attrs: Dict[str, Any] | None = None)
Add an edge between self and target.
- Parameters:
target (Node) – Target node.
edge_attrs (Optional[Dict[str, Any]], optional) – Attributes to assign to new edge, by default None
- can_merge(other: Any) bool
Return True if the entities can be merged.
- Parameters:
other (Any) – The other entity (object) to check
- Returns:
True if other has no conflicting properties.
- Return type:
bool
- classmethod create(src_entity: Mapping[str, Any] | None = None, **kwargs) Entity
Create an entity from a mapping type (e.g. pd.Series) or dict or kwargs.
- Returns:
Instantiated entity
- Return type:
Notes
The entity type should be specified as “Type”, in either a key of src_entity or as a keyword argument.
- classmethod del_pivot_shortcut(func_name: str)
Remove a pivot shortcut.
- Parameters:
func_name (str) – The name of the shortcut function.
- Raises:
AttributeError – The class does not have an attribute func_name
TypeError – The attribute to delete is not a pivot shortcut.
- property description_str: str
Return Entity Description.
- classmethod get_pivot_list(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- has_edge(other)
Return True if node has an edge with other.
- classmethod instantiate_entity(raw_entity: Mapping[str, Any], entity_type: Type | None = None) Entity | Mapping[str, Any]
Class factory to return entity from raw dictionary representation.
- Parameters:
raw_entity (Mapping[str, Any]) – A mapping object (e.g. dictionary or pandas Series) that contains the properties of the entity.
entity_type (Optional[Type]) – The entity type to create, by default None.
- Returns:
The instantiated entity
- Return type:
- is_equivalent(other: Any) bool
Return True if the entities are equivalent.
- Parameters:
other (Any) – The entity to check
- Returns:
True if equivalent.
- Return type:
bool
Notes
This method checks that the compared entities do not have any property values with conflicting values. E.g. self.A == other.A self.B == “xyz” and other.B == None self.C == [] and other.C == [1, 2, 3]
- list_pivot_funcs()
Print list of pivot functions assigned to entity.
- classmethod make_pivot_shortcut(func_name: str, target: str, overwrite: bool = False)
Add a shortcut to a pivot function to the class.
- Parameters:
func_name (str) – The name of source pivot function.
target (str) – The shortcut name (this will be a member function of the class)
overwrite (bool, optional) – Force overwrite an existing pivot function, by default False
- Raises:
AttributeError – The source function does not exist
TypeError – The source function is not a pivot function.
TypeError – The target attribute exists and is not a pivot function
AttributeError – The target function exists and ‘overwrite=True’ was not specified.
- merge(other: Any) Entity
Merge with other entity to create new entity.
- Returns:
Merged entity.
- Return type:
- Raises:
AttributeError – If the entities cannot be merged.
- property name_str: str
Return Entity Name.
- property node_properties: Dict[str, Any]
Return all public properties that are not entities.
- Returns:
Dictionary of name, value properties.
- Return type:
Dict[str, Any]
- classmethod pivots(search_str: str | None = None) List[str]
Return list of current pivot functions.
- Returns:
List of pivot functions assigned to entity.
- Return type:
List[str]
- property properties: dict
Return dictionary properties of entity.
- Returns:
Entity properties.
- Return type:
dict
- property qualified_name: str
Windows qualified account name.
- to_html() str
Return HTML representation of entity.
- Returns:
HTML representation of entity
- Return type:
str
- to_json()
Return object as a JSON string.
- to_networkx(graph: networkx.Graph | None = None) networkx.Graph
Return networkx graph of entities.
- Parameters:
graph (nx.Graph, optional) – Graph to add entities to. If not supplied the function creates and returns a new graph. By default None
- Returns:
Graph with entity and any connected entities.
- Return type:
nx.Graph
- msticpy.datamodel.entities.entity_classes() List[type]
Return a list of all entity classes.
- msticpy.datamodel.entities.find_entity(entity)
Find entity name.
- msticpy.datamodel.entities.list_entities() List[str]
List entities.
Submodules
- msticpy.datamodel.entities.account module
Account
Account.Name
Account.NTDomain
Account.UPNSuffix
Account.Host
Account.LogonId
Account.Sid
Account.AadTenantId
Account.AadUserId
Account.PUID
Account.IsDomainJoined
Account.DisplayName
Account.ObjectGuid
Account.Upn
Account.AadUserId
Account.ENTITY_NAME_MAP
Account.ID_PROPERTIES
Account.JSONEncoder
Account.UPN
Account.Upn
Account.add_edge()
Account.can_merge()
Account.create()
Account.del_pivot_shortcut()
Account.description_str
Account.get_pivot_list()
Account.has_edge()
Account.instantiate_entity()
Account.is_equivalent()
Account.list_pivot_funcs()
Account.make_pivot_shortcut()
Account.merge()
Account.name_str
Account.node_properties
Account.pivots()
Account.properties
Account.qualified_name
Account.to_html()
Account.to_json()
Account.to_networkx()
- msticpy.datamodel.entities.alert module
Alert
Alert.AlertDisplayName
Alert.CompromisedEntity
Alert.Count
Alert.StartTimeUtc
Alert.EndTimeUtc
Alert.Severity
Alert.SystemAlertIds
Alert.AlertType
Alert.VendorName
Alert.ProviderName
Alert.AlertId
Alert.ENTITY_NAME_MAP
Alert.ID_PROPERTIES
Alert.JSONEncoder
Alert.add_edge()
Alert.can_merge()
Alert.create()
Alert.del_pivot_shortcut()
Alert.description_str
Alert.get_pivot_list()
Alert.has_edge()
Alert.instantiate_entity()
Alert.is_equivalent()
Alert.list_pivot_funcs()
Alert.make_pivot_shortcut()
Alert.merge()
Alert.name_str
Alert.node_properties
Alert.pivots()
Alert.properties
Alert.to_html()
Alert.to_json()
Alert.to_networkx()
- msticpy.datamodel.entities.azure_resource module
AzureResource
AzureResource.ResourceId
AzureResource.ResourceIdParts
AzureResource.ENTITY_NAME_MAP
AzureResource.ID_PROPERTIES
AzureResource.JSONEncoder
AzureResource.Provider
AzureResource.ResourceGroup
AzureResource.SubscriptionId
AzureResource.add_edge()
AzureResource.can_merge()
AzureResource.create()
AzureResource.del_pivot_shortcut()
AzureResource.description_str
AzureResource.get_pivot_list()
AzureResource.has_edge()
AzureResource.instantiate_entity()
AzureResource.is_equivalent()
AzureResource.list_pivot_funcs()
AzureResource.make_pivot_shortcut()
AzureResource.merge()
AzureResource.name_str
AzureResource.node_properties
AzureResource.pivots()
AzureResource.properties
AzureResource.to_html()
AzureResource.to_json()
AzureResource.to_networkx()
- msticpy.datamodel.entities.cloud_application module
CloudApplication
CloudApplication.Name
CloudApplication.AppId
CloudApplication.InstanceName
CloudApplication.ENTITY_NAME_MAP
CloudApplication.ID_PROPERTIES
CloudApplication.JSONEncoder
CloudApplication.add_edge()
CloudApplication.can_merge()
CloudApplication.create()
CloudApplication.del_pivot_shortcut()
CloudApplication.description_str
CloudApplication.get_pivot_list()
CloudApplication.has_edge()
CloudApplication.instantiate_entity()
CloudApplication.is_equivalent()
CloudApplication.list_pivot_funcs()
CloudApplication.make_pivot_shortcut()
CloudApplication.merge()
CloudApplication.name_str
CloudApplication.node_properties
CloudApplication.pivots()
CloudApplication.properties
CloudApplication.to_html()
CloudApplication.to_json()
CloudApplication.to_networkx()
- msticpy.datamodel.entities.cloud_logon_session module
CloudLogonSession
CloudLogonSession.SessionId
CloudLogonSession.Account
CloudLogonSession.UserAgent
CloudLogonSession.StartTime
CloudLogonSession.ENTITY_NAME_MAP
CloudLogonSession.ID_PROPERTIES
CloudLogonSession.JSONEncoder
CloudLogonSession.add_edge()
CloudLogonSession.can_merge()
CloudLogonSession.create()
CloudLogonSession.del_pivot_shortcut()
CloudLogonSession.description_str
CloudLogonSession.get_pivot_list()
CloudLogonSession.has_edge()
CloudLogonSession.instantiate_entity()
CloudLogonSession.is_equivalent()
CloudLogonSession.list_pivot_funcs()
CloudLogonSession.make_pivot_shortcut()
CloudLogonSession.merge()
CloudLogonSession.name_str
CloudLogonSession.node_properties
CloudLogonSession.pivots()
CloudLogonSession.properties
CloudLogonSession.to_html()
CloudLogonSession.to_json()
CloudLogonSession.to_networkx()
- msticpy.datamodel.entities.dns module
Dns
Dns.DomainName
Dns.IpAddresses
Dns.DnsServerIp
Dns.HostIpAddress
Dns.ENTITY_NAME_MAP
Dns.ID_PROPERTIES
Dns.JSONEncoder
Dns.add_edge()
Dns.can_merge()
Dns.create()
Dns.del_pivot_shortcut()
Dns.description_str
Dns.get_pivot_list()
Dns.has_edge()
Dns.instantiate_entity()
Dns.is_equivalent()
Dns.list_pivot_funcs()
Dns.make_pivot_shortcut()
Dns.merge()
Dns.name_str
Dns.node_properties
Dns.pivots()
Dns.properties
Dns.to_html()
Dns.to_json()
Dns.to_networkx()
- msticpy.datamodel.entities.entity module
ContextObject
Entity
Entity.ENTITY_NAME_MAP
Entity.ID_PROPERTIES
Entity.JSONEncoder
Entity.add_edge()
Entity.can_merge()
Entity.create()
Entity.del_pivot_shortcut()
Entity.description_str
Entity.get_pivot_list()
Entity.has_edge()
Entity.instantiate_entity()
Entity.is_equivalent()
Entity.list_pivot_funcs()
Entity.make_pivot_shortcut()
Entity.merge()
Entity.name_str
Entity.node_properties
Entity.pivots()
Entity.properties
Entity.to_html()
Entity.to_json()
Entity.to_networkx()
camelcase_property_names()
- msticpy.datamodel.entities.entity_enums module
Algorithm
ElevationToken
OSFamily
RegistryHive
RegistryHive.HKEY_A
RegistryHive.HKEY_CLASSES_ROOT
RegistryHive.HKEY_CURRENT_CONFIG
RegistryHive.HKEY_CURRENT_USER
RegistryHive.HKEY_CURRENT_USER_LOCAL_SETTINGS
RegistryHive.HKEY_LOCAL_MACHINE
RegistryHive.HKEY_PERFORMANCE_DATA
RegistryHive.HKEY_PERFORMANCE_NLSTEXT
RegistryHive.HKEY_PERFORMANCE_TEXT
RegistryHive.HKEY_USERS
RegistryHive.short_name
- msticpy.datamodel.entities.entity_graph module
- msticpy.datamodel.entities.file module
File
File.FullPath
File.Directory
File.Name
File.Md5
File.Host
File.Sha1
File.Sha256
File.Sha256Ac
File.FileHashes
File.ENTITY_NAME_MAP
File.FolderPath
File.ID_PROPERTIES
File.JSONEncoder
File.add_edge()
File.can_merge()
File.create()
File.del_pivot_shortcut()
File.description_str
File.edges
File.file_hash
File.get_pivot_list()
File.has_edge()
File.instantiate_entity()
File.is_equivalent()
File.list_pivot_funcs()
File.make_pivot_shortcut()
File.merge()
File.name_str
File.node_properties
File.path_separator
File.pivots()
File.properties
File.to_html()
File.to_json()
File.to_networkx()
- msticpy.datamodel.entities.file_hash module
FileHash
FileHash.Algorithm
FileHash.Value
FileHash.ENTITY_NAME_MAP
FileHash.ID_PROPERTIES
FileHash.JSONEncoder
FileHash.add_edge()
FileHash.can_merge()
FileHash.create()
FileHash.del_pivot_shortcut()
FileHash.description_str
FileHash.edges
FileHash.get_pivot_list()
FileHash.has_edge()
FileHash.instantiate_entity()
FileHash.is_equivalent()
FileHash.list_pivot_funcs()
FileHash.make_pivot_shortcut()
FileHash.merge()
FileHash.name_str
FileHash.node_properties
FileHash.pivots()
FileHash.properties
FileHash.to_html()
FileHash.to_json()
FileHash.to_networkx()
- msticpy.datamodel.entities.geo_location module
GeoLocation
GeoLocation.CountryCode
GeoLocation.CountryOrRegionName
GeoLocation.State
GeoLocation.City
GeoLocation.Longitude
GeoLocation.Latitude
GeoLocation.Asn
GeoLocation.CountryName
GeoLocation.ENTITY_NAME_MAP
GeoLocation.ID_PROPERTIES
GeoLocation.JSONEncoder
GeoLocation.add_edge()
GeoLocation.can_merge()
GeoLocation.coordinates
GeoLocation.create()
GeoLocation.del_pivot_shortcut()
GeoLocation.description_str
GeoLocation.edges
GeoLocation.get_pivot_list()
GeoLocation.has_edge()
GeoLocation.instantiate_entity()
GeoLocation.is_equivalent()
GeoLocation.list_pivot_funcs()
GeoLocation.make_pivot_shortcut()
GeoLocation.merge()
GeoLocation.name_str
GeoLocation.node_properties
GeoLocation.pivots()
GeoLocation.properties
GeoLocation.to_html()
GeoLocation.to_json()
GeoLocation.to_networkx()
- msticpy.datamodel.entities.graph_property module
- msticpy.datamodel.entities.host module
Host
Host.DnsDomain
Host.NTDomain
Host.HostName
Host.NetBiosName
Host.AzureID
Host.OMSAgentID
Host.OSFamily
Host.OSVersion
Host.IsDomainJoined
Host.DeviceName
Host.ENTITY_NAME_MAP
Host.FullName
Host.ID_PROPERTIES
Host.JSONEncoder
Host.add_edge()
Host.can_merge()
Host.computer
Host.create()
Host.del_pivot_shortcut()
Host.description_str
Host.edges
Host.fqdn
Host.get_pivot_list()
Host.has_edge()
Host.instantiate_entity()
Host.is_equivalent()
Host.list_pivot_funcs()
Host.make_pivot_shortcut()
Host.merge()
Host.name_str
Host.node_properties
Host.pivots()
Host.properties
Host.to_html()
Host.to_json()
Host.to_networkx()
- msticpy.datamodel.entities.host_logon_session module
HostLogonSession
HostLogonSession.Account
HostLogonSession.StartTimeUtc
HostLogonSession.EndTimeUtc
HostLogonSession.Host
HostLogonSession.SessionId
HostLogonSession.ENTITY_NAME_MAP
HostLogonSession.ID_PROPERTIES
HostLogonSession.JSONEncoder
HostLogonSession.add_edge()
HostLogonSession.can_merge()
HostLogonSession.create()
HostLogonSession.del_pivot_shortcut()
HostLogonSession.description_str
HostLogonSession.edges
HostLogonSession.get_pivot_list()
HostLogonSession.has_edge()
HostLogonSession.instantiate_entity()
HostLogonSession.is_equivalent()
HostLogonSession.list_pivot_funcs()
HostLogonSession.make_pivot_shortcut()
HostLogonSession.merge()
HostLogonSession.name_str
HostLogonSession.node_properties
HostLogonSession.pivots()
HostLogonSession.properties
HostLogonSession.to_html()
HostLogonSession.to_json()
HostLogonSession.to_networkx()
- msticpy.datamodel.entities.iot_device module
IoTDevice
IoTDevice.IoTHub
IoTDevice.DeviceId
IoTDevice.DeviceName
IoTDevice.IoTSecurityAgentId
IoTDevice.DeviceType
IoTDevice.Source
IoTDevice.SourceRef
IoTDevice.Manufacturer
IoTDevice.Model
IoTDevice.OperatingSystem
IoTDevice.IpAddress
IoTDevice.MacAddress
IoTDevice.Protocols
IoTDevice.SerialNumber
IoTDevice.ENTITY_NAME_MAP
IoTDevice.ID_PROPERTIES
IoTDevice.JSONEncoder
IoTDevice.add_edge()
IoTDevice.can_merge()
IoTDevice.create()
IoTDevice.del_pivot_shortcut()
IoTDevice.description_str
IoTDevice.edges
IoTDevice.get_pivot_list()
IoTDevice.has_edge()
IoTDevice.instantiate_entity()
IoTDevice.is_equivalent()
IoTDevice.list_pivot_funcs()
IoTDevice.make_pivot_shortcut()
IoTDevice.merge()
IoTDevice.name_str
IoTDevice.node_properties
IoTDevice.pivots()
IoTDevice.properties
IoTDevice.to_html()
IoTDevice.to_json()
IoTDevice.to_networkx()
- msticpy.datamodel.entities.ip_address module
Ip
IpAddress
IpAddress.Address
IpAddress.Location
IpAddress.ThreatIntelligence
IpAddress.ENTITY_NAME_MAP
IpAddress.ID_PROPERTIES
IpAddress.JSONEncoder
IpAddress.add_edge()
IpAddress.can_merge()
IpAddress.create()
IpAddress.del_pivot_shortcut()
IpAddress.description_str
IpAddress.edges
IpAddress.get_pivot_list()
IpAddress.has_edge()
IpAddress.instantiate_entity()
IpAddress.ip_address
IpAddress.is_equivalent()
IpAddress.list_pivot_funcs()
IpAddress.make_pivot_shortcut()
IpAddress.merge()
IpAddress.name_str
IpAddress.node_properties
IpAddress.pivots()
IpAddress.properties
IpAddress.to_html()
IpAddress.to_json()
IpAddress.to_networkx()
- msticpy.datamodel.entities.mail_cluster module
MailCluster
MailCluster.NetworkMessageIds
MailCluster.CountByDeliveryStatus
MailCluster.CountByThreatType
MailCluster.CountByProtectionStatus
MailCluster.Threats
MailCluster.Query
MailCluster.QueryTime
MailCluster.MailCount
MailCluster.IsVolumeAnomaly
MailCluster.Source
MailCluster.ClusterSourceIdentifier
MailCluster.ClusterSourceType
MailCluster.ClusterQueryStartTime
MailCluster.ClusterQueryEndTime
MailCluster.ClusterGroup
MailCluster.ENTITY_NAME_MAP
MailCluster.ID_PROPERTIES
MailCluster.JSONEncoder
MailCluster.add_edge()
MailCluster.can_merge()
MailCluster.create()
MailCluster.del_pivot_shortcut()
MailCluster.description_str
MailCluster.edges
MailCluster.get_pivot_list()
MailCluster.has_edge()
MailCluster.instantiate_entity()
MailCluster.is_equivalent()
MailCluster.list_pivot_funcs()
MailCluster.make_pivot_shortcut()
MailCluster.merge()
MailCluster.name_str
MailCluster.node_properties
MailCluster.pivots()
MailCluster.properties
MailCluster.to_html()
MailCluster.to_json()
MailCluster.to_networkx()
- msticpy.datamodel.entities.mail_message module
MailMessage
MailMessage.Recipient
MailMessage.Files
MailMessage.Urls
MailMessage.Threats
MailMessage.Sender
MailMessage.P1Sender
MailMessage.P1SenderDisplayName
MailMessage.P1SenderDomain
MailMessage.SenderIP
MailMessage.P2Sender
MailMessage.P2SenderDisplayName
MailMessage.P2SenderDomain
MailMessage.ReceivedDate
MailMessage.NetworkMessageId
MailMessage.InternetMessageId
MailMessage.Subject
MailMessage.BodyFingerprintBin1
MailMessage.BodyFingerprintBin2
MailMessage.BodyFingerprintBin3
MailMessage.BodyFingerprintBin4
MailMessage.BodyFingerprintBin5
MailMessage.AntispamDirection
MailMessage.DeliveryAction
MailMessage.DeliveryLocation
MailMessage.Language
MailMessage.ThreatDetectionMethods
MailMessage.ENTITY_NAME_MAP
MailMessage.ID_PROPERTIES
MailMessage.JSONEncoder
MailMessage.add_edge()
MailMessage.can_merge()
MailMessage.create()
MailMessage.del_pivot_shortcut()
MailMessage.description_str
MailMessage.edges
MailMessage.get_pivot_list()
MailMessage.has_edge()
MailMessage.instantiate_entity()
MailMessage.is_equivalent()
MailMessage.list_pivot_funcs()
MailMessage.make_pivot_shortcut()
MailMessage.merge()
MailMessage.name_str
MailMessage.node_properties
MailMessage.pivots()
MailMessage.properties
MailMessage.to_html()
MailMessage.to_json()
MailMessage.to_networkx()
- msticpy.datamodel.entities.mailbox module
Mailbox
Mailbox.MailboxPrimaryAddress
Mailbox.DisplayName
Mailbox.Upn
Mailbox.ExternalDirectoryObjectId
Mailbox.RiskLevel
Mailbox.ENTITY_NAME_MAP
Mailbox.ID_PROPERTIES
Mailbox.JSONEncoder
Mailbox.add_edge()
Mailbox.can_merge()
Mailbox.create()
Mailbox.del_pivot_shortcut()
Mailbox.description_str
Mailbox.edges
Mailbox.get_pivot_list()
Mailbox.has_edge()
Mailbox.instantiate_entity()
Mailbox.is_equivalent()
Mailbox.list_pivot_funcs()
Mailbox.make_pivot_shortcut()
Mailbox.merge()
Mailbox.name_str
Mailbox.node_properties
Mailbox.pivots()
Mailbox.properties
Mailbox.to_html()
Mailbox.to_json()
Mailbox.to_networkx()
- msticpy.datamodel.entities.mailbox_configuration module
MailboxConfiguration
MailboxConfiguration.ConfigType
MailboxConfiguration.MailboxPrimaryAddress
MailboxConfiguration.DisplayName
MailboxConfiguration.Upn
MailboxConfiguration.ConfigId
MailboxConfiguration.ExternalDirectoryObjectId
MailboxConfiguration.ENTITY_NAME_MAP
MailboxConfiguration.ID_PROPERTIES
MailboxConfiguration.JSONEncoder
MailboxConfiguration.add_edge()
MailboxConfiguration.can_merge()
MailboxConfiguration.create()
MailboxConfiguration.del_pivot_shortcut()
MailboxConfiguration.description_str
MailboxConfiguration.edges
MailboxConfiguration.get_pivot_list()
MailboxConfiguration.has_edge()
MailboxConfiguration.instantiate_entity()
MailboxConfiguration.is_equivalent()
MailboxConfiguration.list_pivot_funcs()
MailboxConfiguration.make_pivot_shortcut()
MailboxConfiguration.merge()
MailboxConfiguration.name_str
MailboxConfiguration.node_properties
MailboxConfiguration.pivots()
MailboxConfiguration.properties
MailboxConfiguration.to_html()
MailboxConfiguration.to_json()
MailboxConfiguration.to_networkx()
- msticpy.datamodel.entities.malware module
Malware
Malware.Name
Malware.Category
Malware.File
Malware.Files
Malware.Processes
Malware.ENTITY_NAME_MAP
Malware.ID_PROPERTIES
Malware.JSONEncoder
Malware.add_edge()
Malware.can_merge()
Malware.create()
Malware.del_pivot_shortcut()
Malware.description_str
Malware.edges
Malware.get_pivot_list()
Malware.has_edge()
Malware.instantiate_entity()
Malware.is_equivalent()
Malware.list_pivot_funcs()
Malware.make_pivot_shortcut()
Malware.merge()
Malware.name_str
Malware.node_properties
Malware.pivots()
Malware.properties
Malware.to_html()
Malware.to_json()
Malware.to_networkx()
- msticpy.datamodel.entities.network_connection module
NetworkConnection
NetworkConnection.SourceAddress
NetworkConnection.SourcePort
NetworkConnection.DestinationAddress
NetworkConnection.DestinationPort
NetworkConnection.Protocol
NetworkConnection.ENTITY_NAME_MAP
NetworkConnection.ID_PROPERTIES
NetworkConnection.JSONEncoder
NetworkConnection.add_edge()
NetworkConnection.can_merge()
NetworkConnection.create()
NetworkConnection.del_pivot_shortcut()
NetworkConnection.description_str
NetworkConnection.edges
NetworkConnection.get_pivot_list()
NetworkConnection.has_edge()
NetworkConnection.instantiate_entity()
NetworkConnection.is_equivalent()
NetworkConnection.list_pivot_funcs()
NetworkConnection.make_pivot_shortcut()
NetworkConnection.merge()
NetworkConnection.name_str
NetworkConnection.node_properties
NetworkConnection.pivots()
NetworkConnection.properties
NetworkConnection.to_html()
NetworkConnection.to_json()
NetworkConnection.to_networkx()
- msticpy.datamodel.entities.oauth_application module
OAuthApplication
OAuthApplication.OAuthAppId
OAuthApplication.OAuthObjectId
OAuthApplication.Name
OAuthApplication.TenantId
OAuthApplication.PublisherName
OAuthApplication.Risk
OAuthApplication.Permissions
OAuthApplication.RedirectURLs
OAuthApplication.AuthorizedBy
OAuthApplication.ENTITY_NAME_MAP
OAuthApplication.ID_PROPERTIES
OAuthApplication.JSONEncoder
OAuthApplication.add_edge()
OAuthApplication.can_merge()
OAuthApplication.create()
OAuthApplication.del_pivot_shortcut()
OAuthApplication.description_str
OAuthApplication.edges
OAuthApplication.get_pivot_list()
OAuthApplication.has_edge()
OAuthApplication.instantiate_entity()
OAuthApplication.is_equivalent()
OAuthApplication.list_pivot_funcs()
OAuthApplication.make_pivot_shortcut()
OAuthApplication.merge()
OAuthApplication.name_str
OAuthApplication.node_properties
OAuthApplication.pivots()
OAuthApplication.properties
OAuthApplication.to_html()
OAuthApplication.to_json()
OAuthApplication.to_networkx()
- msticpy.datamodel.entities.process module
Process
Process.ProcessId
Process.CommandLine
Process.ElevationToken
Process.CreationTimeUtc
Process.ImageFile
Process.Account
Process.ParentProcess
Process.Host
Process.LogonSession
Process.ENTITY_NAME_MAP
Process.ID_PROPERTIES
Process.JSONEncoder
Process.ProcessFilePath
Process.ProcessName
Process.add_edge()
Process.can_merge()
Process.create()
Process.del_pivot_shortcut()
Process.description_str
Process.edges
Process.get_pivot_list()
Process.has_edge()
Process.instantiate_entity()
Process.is_equivalent()
Process.list_pivot_funcs()
Process.make_pivot_shortcut()
Process.merge()
Process.name_str
Process.node_properties
Process.pivots()
Process.properties
Process.to_html()
Process.to_json()
Process.to_networkx()
- msticpy.datamodel.entities.registry_key module
RegistryKey
RegistryKey.Hive
RegistryKey.Key
RegistryKey.ENTITY_NAME_MAP
RegistryKey.ID_PROPERTIES
RegistryKey.JSONEncoder
RegistryKey.add_edge()
RegistryKey.can_merge()
RegistryKey.create()
RegistryKey.del_pivot_shortcut()
RegistryKey.description_str
RegistryKey.edges
RegistryKey.get_pivot_list()
RegistryKey.has_edge()
RegistryKey.instantiate_entity()
RegistryKey.is_equivalent()
RegistryKey.list_pivot_funcs()
RegistryKey.make_pivot_shortcut()
RegistryKey.merge()
RegistryKey.name_str
RegistryKey.node_properties
RegistryKey.pivots()
RegistryKey.properties
RegistryKey.to_html()
RegistryKey.to_json()
RegistryKey.to_networkx()
- msticpy.datamodel.entities.registry_value module
RegistryValue
RegistryValue.Key
RegistryValue.Name
RegistryValue.Value
RegistryValue.ValueType
RegistryValue.ENTITY_NAME_MAP
RegistryValue.ID_PROPERTIES
RegistryValue.JSONEncoder
RegistryValue.add_edge()
RegistryValue.can_merge()
RegistryValue.create()
RegistryValue.del_pivot_shortcut()
RegistryValue.description_str
RegistryValue.edges
RegistryValue.get_pivot_list()
RegistryValue.has_edge()
RegistryValue.instantiate_entity()
RegistryValue.is_equivalent()
RegistryValue.list_pivot_funcs()
RegistryValue.make_pivot_shortcut()
RegistryValue.merge()
RegistryValue.name_str
RegistryValue.node_properties
RegistryValue.pivots()
RegistryValue.properties
RegistryValue.to_html()
RegistryValue.to_json()
RegistryValue.to_networkx()
- msticpy.datamodel.entities.security_group module
SecurityGroup
SecurityGroup.DistinguishedName
SecurityGroup.SID
SecurityGroup.ObjectGuid
SecurityGroup.ENTITY_NAME_MAP
SecurityGroup.ID_PROPERTIES
SecurityGroup.JSONEncoder
SecurityGroup.add_edge()
SecurityGroup.can_merge()
SecurityGroup.create()
SecurityGroup.del_pivot_shortcut()
SecurityGroup.description_str
SecurityGroup.edges
SecurityGroup.get_pivot_list()
SecurityGroup.has_edge()
SecurityGroup.instantiate_entity()
SecurityGroup.is_equivalent()
SecurityGroup.list_pivot_funcs()
SecurityGroup.make_pivot_shortcut()
SecurityGroup.merge()
SecurityGroup.name_str
SecurityGroup.node_properties
SecurityGroup.pivots()
SecurityGroup.properties
SecurityGroup.to_html()
SecurityGroup.to_json()
SecurityGroup.to_networkx()
- msticpy.datamodel.entities.service_principal module
ServicePrincipal
ServicePrincipal.ServicePrincipalName
ServicePrincipal.ServicePrincipalObjectId
ServicePrincipal.AppId
ServicePrincipal.AppOwnerTenantId
ServicePrincipal.TenantId
ServicePrincipal.ServicePrincipalType
ServicePrincipal.ENTITY_NAME_MAP
ServicePrincipal.ID_PROPERTIES
ServicePrincipal.JSONEncoder
ServicePrincipal.add_edge()
ServicePrincipal.can_merge()
ServicePrincipal.create()
ServicePrincipal.del_pivot_shortcut()
ServicePrincipal.description_str
ServicePrincipal.edges
ServicePrincipal.get_pivot_list()
ServicePrincipal.has_edge()
ServicePrincipal.instantiate_entity()
ServicePrincipal.is_equivalent()
ServicePrincipal.list_pivot_funcs()
ServicePrincipal.make_pivot_shortcut()
ServicePrincipal.merge()
ServicePrincipal.name_str
ServicePrincipal.node_properties
ServicePrincipal.pivots()
ServicePrincipal.properties
ServicePrincipal.to_html()
ServicePrincipal.to_json()
ServicePrincipal.to_networkx()
- msticpy.datamodel.entities.submission_mail module
SubmissionMail
SubmissionMail.SubmissionId
SubmissionMail.SubmissionDate
SubmissionMail.Submitter
SubmissionMail.NetworkMessageId
SubmissionMail.Timestamp
SubmissionMail.Recipient
SubmissionMail.Sender
SubmissionMail.SenderIp
SubmissionMail.Subject
SubmissionMail.ReportType
SubmissionMail.ENTITY_NAME_MAP
SubmissionMail.ID_PROPERTIES
SubmissionMail.JSONEncoder
SubmissionMail.add_edge()
SubmissionMail.can_merge()
SubmissionMail.create()
SubmissionMail.del_pivot_shortcut()
SubmissionMail.description_str
SubmissionMail.edges
SubmissionMail.get_pivot_list()
SubmissionMail.has_edge()
SubmissionMail.instantiate_entity()
SubmissionMail.is_equivalent()
SubmissionMail.list_pivot_funcs()
SubmissionMail.make_pivot_shortcut()
SubmissionMail.merge()
SubmissionMail.name_str
SubmissionMail.node_properties
SubmissionMail.pivots()
SubmissionMail.properties
SubmissionMail.to_html()
SubmissionMail.to_json()
SubmissionMail.to_networkx()
- msticpy.datamodel.entities.threat_intelligence module
Threatintelligence
Threatintelligence.ProviderName
Threatintelligence.ThreatType
Threatintelligence.ThreatName
Threatintelligence.Confidence
Threatintelligence.ReportLink
Threatintelligence.ThreatDescription
Threatintelligence.ENTITY_NAME_MAP
Threatintelligence.ID_PROPERTIES
Threatintelligence.JSONEncoder
Threatintelligence.add_edge()
Threatintelligence.can_merge()
Threatintelligence.create()
Threatintelligence.del_pivot_shortcut()
Threatintelligence.description_str
Threatintelligence.edges
Threatintelligence.get_pivot_list()
Threatintelligence.has_edge()
Threatintelligence.instantiate_entity()
Threatintelligence.is_equivalent()
Threatintelligence.list_pivot_funcs()
Threatintelligence.make_pivot_shortcut()
Threatintelligence.merge()
Threatintelligence.name_str
Threatintelligence.node_properties
Threatintelligence.pivots()
Threatintelligence.properties
Threatintelligence.to_html()
Threatintelligence.to_json()
Threatintelligence.to_networkx()
- msticpy.datamodel.entities.unknown_entity module
UnknownEntity
UnknownEntity.ENTITY_NAME_MAP
UnknownEntity.ID_PROPERTIES
UnknownEntity.JSONEncoder
UnknownEntity.add_edge()
UnknownEntity.can_merge()
UnknownEntity.create()
UnknownEntity.del_pivot_shortcut()
UnknownEntity.description_str
UnknownEntity.edges
UnknownEntity.get_pivot_list()
UnknownEntity.has_edge()
UnknownEntity.instantiate_entity()
UnknownEntity.is_equivalent()
UnknownEntity.list_pivot_funcs()
UnknownEntity.make_pivot_shortcut()
UnknownEntity.merge()
UnknownEntity.name_str
UnknownEntity.node_properties
UnknownEntity.pivots()
UnknownEntity.properties
UnknownEntity.to_html()
UnknownEntity.to_json()
UnknownEntity.to_networkx()
- msticpy.datamodel.entities.url module
Url
Url.Url
Url.DetonationVerdict
Url.ENTITY_NAME_MAP
Url.ID_PROPERTIES
Url.JSONEncoder
Url.add_edge()
Url.can_merge()
Url.create()
Url.del_pivot_shortcut()
Url.description_str
Url.edges
Url.get_pivot_list()
Url.has_edge()
Url.instantiate_entity()
Url.is_equivalent()
Url.list_pivot_funcs()
Url.make_pivot_shortcut()
Url.merge()
Url.name_str
Url.node_properties
Url.pivots()
Url.properties
Url.to_html()
Url.to_json()
Url.to_networkx()