Notebooklet Class - EnrichAlerts
Alert Enrichment Notebooklet Class.
Enriches Azure Sentinel alerts with TI data.
Display Sections
Results Class
TIEnrichResult
Template Results.
Attributes
- enriched_results : pd.DataFrame
Alerts with additional TI enrichment
- picker : SelectAlert
Alert picker
Methods
Instance Methods
__init__
run
Inherited methods
check_table_exists
check_valid_result_data (checks that the result attrib contains data)
get_methods
get_pivot_run
get_provider
list_methods
run_nb_func
run_nb_funcs
Other Methods
add_nb_function
all_options
default_options
description
entity_types
get_help
get_settings
import_cell
keywords
list_options
match_terms
search_terms
name
print_options
result
result [property] Return result of the most recent notebooklet run.
show_help
silent
silent [property] Get the current instance setting for silent running.
run
function documentation
Return an enriched set of Alerts.
Parameters
- timespan: TimeSpan
Timespan for queries
- options: Optional[Iterable[str]], optional
List of options to use, by default None. A value of None means use default options. Options prefixed with “+” will be added to the default options. To see the list of available options type help(cls) where “cls” is the notebooklet class or an instance of this class.
- value: Optional[str], optional
If you want to filter Alerts based on a specific entity specify it as a string.
- data: Optional[pd.DataFrame], optional
If you have alerts in a DataFrame you can pass them rather than having the notebooklet query alerts.
Returns
- TIEnrichResult
Result object with attributes for each result type.
Raises
- MsticnbMissingParameterError
If required parameters are missing
- MsticnbDataProviderError
If data is not available
Default Options
- TI: Uses TI to enrich alert data. Will use your primary TI providers.
- details: Displays a widget allowing you to see more detail about an alert.
Other Options
- secondary: Uses secondary TI providers in lookups.
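The rules stated for the options parameter above (None means the defaults, a "+" prefix adds to the defaults, anything else replaces them) are easy to get wrong when calling run. The following is an added illustration, not msticnb's own code: it reimplements that resolution for the option names this page lists (TI, details, secondary), and the function name resolve_options is an assumption. Its purpose is to show which TI lookups a given options list will actually trigger, and to reject unknown names rather than silently dropping enrichment.

```python
# Added illustration of the `options` semantics documented for
# EnrichAlerts.run; resolve_options is not part of msticnb.
from typing import Iterable, Optional, Set

# Option names as listed on this page for the EnrichAlerts notebooklet.
DEFAULT_OPTIONS: Set[str] = {"TI", "details"}
OTHER_OPTIONS: Set[str] = {"secondary"}
ALL_OPTIONS: Set[str] = DEFAULT_OPTIONS | OTHER_OPTIONS


def is_valid_option(name: str) -> bool:
    """True if `name` (without any "+" prefix) is an option this notebooklet knows."""
    return name in ALL_OPTIONS


def resolve_options(options: Optional[Iterable[str]],
                    defaults: Set[str] = DEFAULT_OPTIONS) -> Set[str]:
    """Return the option set a run would execute with.

    None                      -> the default options.
    only "+name" entries      -> defaults plus those names.
    any unprefixed entry      -> the unprefixed names replace the defaults;
                                 "+name" entries in the same list are still added.
    An unknown name raises ValueError instead of being ignored, so a typo
    such as "secondry" cannot quietly turn secondary TI lookups off.
    """
    if options is None:
        return set(defaults)

    additions: Set[str] = set()
    replacements: Set[str] = set()
    for opt in options:
        added = opt.startswith("+")
        name = opt[1:] if added else opt
        if not is_valid_option(name):
            raise ValueError(f"unknown option {opt!r}; known: {sorted(ALL_OPTIONS)}")
        (additions if added else replacements).add(name)

    base = replacements if replacements else set(defaults)
    return base | additions


if __name__ == "__main__":
    # e.g. EnrichAlerts().run(data=alerts_df, options=["+secondary"])
    # would run with both primary and secondary TI providers:
    print(sorted(resolve_options(["+secondary"])))
```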