msticpy.data.data_obfus module

Data obfuscation functions.

class msticpy.data.data_obfus.ObfuscationAccessor(pandas_obj)

Bases: object

Base64 Unpack pandas extension.

Initialize the extension.

mask(column_map: Optional[Mapping[str, Any]] = None, use_default: bool = True) DataFrame

Obfuscate the data in columns of a pandas dataframe.

Parameters
  • data (pd.DataFrame) – dataframe containing column to obfuscate

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

Returns

Obfuscated dataframe

Return type

pd.DataFrame

msticpy.data.data_obfus.check_masking(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Optional[Tuple[List[str], List[str]]]

Check the obfuscation results for a row.

Parameters
  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If True the function prints no output and returns lists of changed and unchanged columns. By default, True

Returns

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.check_obfuscation(data: DataFrame, orig_data: DataFrame, index: int = 0, silent=True) Optional[Tuple[List[str], List[str]]]

Check the obfuscation results for a row.

Parameters
  • data (pd.DataFrame) – Obfuscated DataFrame

  • orig_data (pd.DataFrame) – Original DataFrame

  • index (int, optional) – The row to check, by default 0

  • silent (bool) – If True the function prints no output and returns lists of changed and unchanged columns. By default, True

Returns

If silent is True returns a tuple of unchanged, changed items. If False, returns None.

Return type

Optional[Tuple[List[str], List[str]]]

msticpy.data.data_obfus.hash_account(account: str) str

Hash an Account to something recognizable.

Parameters

account (str) – Account name (UPN, NT or simple name)

Returns

Hashed Account

Return type

str

msticpy.data.data_obfus.hash_dict(item_dict: Dict[str, Union[Dict[str, Any], List[Any], str]]) Dict[str, Any]

Hash dictionary values.

Parameters

item_dict (Dict[str, Union[Dict[str, Any], List[Any], str]]) – Input item can be a Dict of strings, lists or other dictionaries.

Returns

Dictionary with hashed values.

Return type

Dict[str, Any]

msticpy.data.data_obfus.hash_ip(input_item: Union[List[str], str]) Union[List[str], str]

Hash IP address or list of IP addresses.

Parameters

input_item (Union[List[str], str]) – List of IP addresses or single IP address.

Returns

List of hashed addresses or single address (depending on input).

Return type

Union[List[str], str]

msticpy.data.data_obfus.hash_item(input_item: str, delim: str = None) str

Hash a simple string.

Parameters
  • input_item (str) – The input string

  • delim (str, optional) – A string of delimiters to use to split the input string prior to hashing.

Returns

The obfuscated output string

Return type

str

msticpy.data.data_obfus.hash_list(item_list: List[str]) List[Any]

Hash list of strings.

Parameters

item_list (List[str]) – Input list

Returns

Hashed list

Return type

List[Any]

msticpy.data.data_obfus.hash_sid(sid: str) str

Hash a SID preserving well-known SIDs and the RID.

Parameters

sid (str) – SID string

Returns

Hashed SID

Return type

str

msticpy.data.data_obfus.hash_string(input_str: str) str

Hash a simple string.

Parameters

input_str (str) – The input string

Returns

The obfuscated output string

Return type

str

msticpy.data.data_obfus.mask_df(data: DataFrame, column_map: Optional[Mapping[str, Any]] = None, use_default: bool = True, silent: bool = True) DataFrame

Obfuscate columns of a DataFrame.

Parameters
  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function prints progress output, by default True.

Returns

Obfuscated dataframe.

Return type

pd.DataFrame

msticpy.data.data_obfus.obfuscate_df(data: DataFrame, column_map: Optional[Mapping[str, Any]] = None, use_default: bool = True, silent: bool = True) DataFrame

Obfuscate columns of a DataFrame.

Parameters
  • data (pd.DataFrame) – Input dataframe

  • column_map (Mapping[str, Any], optional) – Custom column mapping, by default None

  • use_default (bool) – If True use the built-in map (adding any custom mappings to this dictionary)

  • silent (bool) – If False the function prints progress output, by default True.

Returns

Obfuscated dataframe.

Return type

pd.DataFrame

msticpy.data.data_obfus.replace_guid(guid: str) str

Replace GUID/UUID with mapped random UUID.

Parameters

guid (str) – Input UUID.

Returns

Mapped UUID

Return type

str
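
The behaviour documented for hash_sid (keep well-known SIDs and the RID), replace_guid (a stable mapping to a random UUID) and check_masking (changed versus unchanged columns) is illustrated by the following added example. It uses only the standard library and is not msticpy's implementation: the function names, the SHA-256 choice, the short well-known SID list, the fail-closed fallback and the sample row are all assumptions.

```python
import hashlib
import uuid
from typing import Dict, List, Tuple

# Assumption: a short sample of well-known SIDs, not msticpy's own list.
WELL_KNOWN = {"S-1-1-0", "S-1-5-18", "S-1-5-19", "S-1-5-20"}
BUILTIN_PREFIX = "S-1-5-32-"  # BUILTIN aliases such as Administrators (544)
_guid_map: Dict[str, str] = {}  # original GUID -> replacement, kept per session


def _sub_authority(value: str) -> str:
    """Deterministic 32-bit number derived from SHA-256 (assumed hash choice)."""
    return str(int(hashlib.sha256(value.encode()).hexdigest()[:8], 16))


def pseudonymize_sid(sid: str) -> str:
    """Mask the domain part of a SID; keep well-known SIDs and the RID."""
    if sid in WELL_KNOWN or sid.startswith(BUILTIN_PREFIX):
        return sid
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        # S-1-5-21-<a>-<b>-<c>-<RID>: a, b, c identify the domain or machine.
        masked = [_sub_authority(p) for p in parts[4:7]]
        return "-".join(parts[:4] + masked + parts[7:])
    # Unrecognised layout: fail closed and mask the whole value.
    return "SID-" + hashlib.sha256(sid.encode()).hexdigest()[:16]


def replace_guid_mapped(guid: str) -> str:
    """Swap a GUID for a random UUID, returning the same one on every call."""
    key = str(uuid.UUID(guid))  # normalises case and braces, rejects bad input
    return _guid_map.setdefault(key, str(uuid.uuid4()))


def diff_row(masked: dict, original: dict) -> Tuple[List[str], List[str]]:
    """Return (unchanged, changed) column names for one row."""
    unchanged = [c for c in sorted(masked) if masked[c] == original[c]]
    changed = [c for c in sorted(masked) if masked[c] != original[c]]
    return unchanged, changed


# Constructed sample row, not real telemetry.
ROW = {"SubjectUserSid": "S-1-5-18", "EventID": 4624,
       "TargetUserSid": "S-1-5-21-1004336348-1177238915-682003330-500",
       "TenantId": "52b1ab41-869e-4138-9e40-2a4457f09bf0"}
MASKED = {**ROW,
          "SubjectUserSid": pseudonymize_sid(ROW["SubjectUserSid"]),
          "TargetUserSid": pseudonymize_sid(ROW["TargetUserSid"]),
          "TenantId": replace_guid_mapped(ROW["TenantId"])}
```

Because the domain sub-authorities are derived deterministically and the GUID map is reused, two accounts from the same domain still share a masked prefix and the same tenant GUID always maps to the same replacement, so joins and grouping on the masked columns keep working.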