Azure Sentinel library modules

Submodules

msticnb.nblib.azsent.host module
host_network_summary notebooklet.

class msticnb.nblib.azsent.host.HostNameVerif(host_name, host_type, host_names)
  Bases: tuple
  Create new instance of HostNameVerif(host_name, host_type, host_names)
  - count(): Return number of occurrences of value.
  - host_name: Alias for field number 0
  - host_names: Alias for field number 2
  - host_type: Alias for field number 1
  - index(): Return first index of value. Raises ValueError if the value is not present.
msticnb.nblib.azsent.host.get_aznet_topology
  Get Azure Network topology information for host or IP address.
  Parameters:
  - qry_prov (QueryProvider) – Query provider to use for queries
  - host_entity (Host) – Host entity to populate data with
  - host_name (str, optional) – Host name, by default None
  - host_ip (str, optional) – Host IP Address, by default None
msticnb.nblib.azsent.host.get_heartbeat
  Get Heartbeat information for host or IP.
  Parameters:
  - qry_prov (QueryProvider) – Query provider to use for queries
  - host_name (str, optional) – Host name, by default None
  - host_ip (str, optional) – Host IP Address, by default None
  Returns: Host entity
  Return type: Host
msticnb.nblib.azsent.host.populate_host_entity(heartbeat_df: pandas.core.frame.DataFrame = None, az_net_df: pandas.core.frame.DataFrame = None, vmcomputer_df: pandas.core.frame.DataFrame = None, host_entity: msticpy.datamodel.entities.host.Host = None, geo_lookup: Any = None) → msticpy.datamodel.entities.host.Host
  Populate host with IP and other data.
  Parameters:
  - heartbeat_df (pd.DataFrame) – Optional dataframe of heartbeat data for the host
  - az_net_df (pd.DataFrame) – Optional dataframe of Azure network data for the host
  - vmcomputer_df (pd.DataFrame) – Optional dataframe of VMComputer data for the host
  - host_entity (Host) – Host entity in which to populate data. By default, a new host entity will be created.
  - geo_lookup (Any) – GeoIP Provider to use, if needed.
  Returns: Host with details of the IP data collected
  Return type: Host
msticnb.nblib.azsent.host.verify_host_name
  Verify unique hostname by checking Win and Linux logs.
  Parameters:
  - qry_prov (QueryProvider) – Kql query provider
  - timespan (TimeSpan) – Time span over which to query
  - host_name (str) – The full or partial hostname.
  Returns: Named tuple HostNameVerif with fields host_name, host_type, host_names. If a unique hostname is found, host_name is populated. If multiple matching hostnames are found, host_names is populated and host_name is None. host_type is either Windows or Linux. If no matching host is found, all fields are None.
  Return type: Tuple[Optional[str], Optional[str], Optional[Dict[str, str]]]
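The three outcomes documented for verify_host_name (unique match, ambiguous match, no match) are easy to get wrong in an investigation notebook, because silently taking the first of several matching hosts attributes activity to the wrong machine. The following is an added example, not msticnb's own code: it reimplements that decision rule over constructed in-memory lists standing in for the "Computer" column of Windows and Linux query results, so it runs offline without a QueryProvider or a workspace. The resolve_host_name function, the sample host names, the case-insensitive substring matching, the rule that an exact name wins over partial matches, and the choice to leave host_type as None when the result is ambiguous are all assumptions of this example.

```python
"""Added example (not msticnb's own code): the hostname-resolution rule documented
for verify_host_name, over constructed Windows and Linux host lists."""
from collections import namedtuple
from typing import Dict, Iterable, List, Optional

# Field order matches the HostNameVerif tuple documented on the page.
HostNameVerif = namedtuple("HostNameVerif", ["host_name", "host_type", "host_names"])

# Constructed sample data (hypothetical names) standing in for the "Computer"
# values returned by Windows (SecurityEvent) and Linux (Syslog) queries.
WINDOWS_HOSTS: List[str] = [
    "WebSrv01.contoso.local",
    "WebSrv02.contoso.local",
    "DC01.contoso.local",
]
LINUX_HOSTS: List[str] = ["linux-web-01", "bastion01"]


def _matches(host_name: str, computers: Iterable[str]) -> List[str]:
    """Case-insensitive match: a full name matches itself, a partial name
    matches as a substring (assumption of this example)."""
    needle = host_name.lower()
    return sorted({c for c in computers if needle in c.lower()})


def resolve_host_name(
    host_name: str,
    windows_hosts: Iterable[str] = WINDOWS_HOSTS,
    linux_hosts: Iterable[str] = LINUX_HOSTS,
) -> HostNameVerif:
    """Apply the documented rule for the HostNameVerif result:
    - exactly one matching host: host_name and host_type set, host_names None
    - several matching hosts: host_names maps each name to its OS type,
      host_name (and, by assumption, host_type) None
    - no matching host: all fields None
    """
    candidates: Dict[str, str] = {}
    for name in _matches(host_name, windows_hosts):
        candidates[name] = "Windows"
    for name in _matches(host_name, linux_hosts):
        candidates[name] = "Linux"

    # Assumption: an exact (case-insensitive) name is unambiguous even when it
    # is also a substring of other host names, so it is returned on its own.
    exact = [n for n in candidates if n.lower() == host_name.lower()]
    if len(exact) == 1:
        return HostNameVerif(exact[0], candidates[exact[0]], None)

    if not candidates:
        return HostNameVerif(None, None, None)
    if len(candidates) == 1:
        name, host_type = next(iter(candidates.items()))
        return HostNameVerif(name, host_type, None)
    # Ambiguous: surface every candidate instead of guessing one.
    return HostNameVerif(None, None, candidates)


def describe(result: HostNameVerif) -> str:
    """Human-readable summary of a HostNameVerif, for notebook output."""
    if result.host_name is not None:
        return f"unique host {result.host_name} ({result.host_type})"
    if result.host_names:
        names = ", ".join(f"{n} ({t})" for n, t in sorted(result.host_names.items()))
        return f"ambiguous, {len(result.host_names)} candidates: {names}"
    return "no matching host"


if __name__ == "__main__":
    for query in ("WebSrv01", "web", "dc01.contoso.local", "nosuchhost"):
        print(f"{query!r}: {describe(resolve_host_name(query))}")
```

A caller should branch on host_name first and treat a populated host_names as a prompt to narrow the query (for example by passing the full FQDN), rather than picking an entry from it; the describe helper above shows the three states the rest of a notebooklet has to handle.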