Notebooklet Class - HostSummary
HostSummary Notebooklet class.
Queries and displays information about a host including:
- IP address assignment
- Related alerts
- Related hunting/investigation bookmarks
- Azure subscription/resource data
Default Options
heartbeat: Query Heartbeat table for host information.
azure_net: Query AzureNetworkAnalytics table for host network topology information.
alerts: Query any alerts for the host.
bookmarks: Query any bookmarks for the host.
azure_api: Query Azure API for VM information.
Other Options
None
Display Sections
Host Entity Summary
This shows summary data for a host. It shows host properties obtained from OMS Heartbeat and the Azure API. It also lists Azure Sentinel alerts and bookmarks related to the host. Data and plots are stored in the result class returned by this function.
Host Entity details
These are the host entity details gathered from Heartbeat and, if applicable, AzureNetworkAnalytics and the Azure management API. The data shows OS information, the IP addresses assigned to the host and any Azure VM information available.
Results Class
HostSummaryResult
Host Details Results.
Attributes
- host_entity : msticpy.datamodel.entities.Host
  The host entity object contains data about the host such as name, environment, operating system version, IP addresses and Azure VM details. Depending on the type of host, not all of this data may be populated.
- related_alerts : pd.DataFrame
  Pandas DataFrame of any alerts recorded for the host within the query time span.
- alert_timeline : Bokeh time plot
  Time plot of alerts recorded for the host.
- related_bookmarks : pd.DataFrame
  Pandas DataFrame of any investigation bookmarks relating to the host.
Methods
Instance Methods
__init__
browse_alerts
run
Inherited methods
check_table_exists
check_valid_result_data (checks that the result attribute attrib contains data)
get_methods
get_pivot_run
get_provider
list_methods
run_nb_func
run_nb_funcs
Other Methods
add_nb_function
all_options
default_options
description
entity_types
get_help
get_settings
import_cell
keywords
list_options
match_terms
search_terms
name
print_options
result
result [property] Return result of the most recent notebooklet run.
show_help
silent
silent [property] Get the current instance setting for silent running.
<hr>
run
function documentation
Return host summary data.
Parameters
- value : str
  Host name
- data : Optional[pd.DataFrame], optional
  Not used, by default None
- timespan : TimeSpan
  Timespan over which operations such as queries will be performed, by default None. This can be a TimeSpan object or another object that has valid start, end, or period attributes.
- options : Optional[Iterable[str]], optional
  List of options to use, by default None. A value of None means use the default options. Options prefixed with "+" will be added to the default options. To see the list of available options type help(cls) where "cls" is the notebooklet class or an instance of this class.
Other Parameters
- start : Union[datetime, datelike-string]
  Alternative to specifying the timespan parameter.
- end : Union[datetime, datelike-string]
  Alternative to specifying the timespan parameter.
Returns
- HostSummaryResult
Result object with attributes for each result type.
Raises
- MsticnbMissingParameterError
If required parameters are missing
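The parameter rules above (a required host name, a timespan that may instead be given as start/end, and an options list where "+" adds to the defaults) are easy to get wrong when scripting a notebooklet over many hosts. The following is an added illustration, not msticnb's own code: it uses hypothetical stand-ins for TimeSpan and MsticnbMissingParameterError, takes the default option names from this page, and treats a list of plain (un-prefixed) option names as replacing the default set, which is an interpretation of the text rather than something the page states.

```python
"""Added illustration of the documented run() parameter rules (not msticnb code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional, Sequence, Union

# Default options exactly as listed on this page for HostSummary.
HOST_SUMMARY_DEFAULTS: Sequence[str] = (
    "heartbeat", "azure_net", "alerts", "bookmarks", "azure_api",
)

DateLike = Union[datetime, str]


class MissingParameterError(ValueError):
    """Hypothetical stand-in for MsticnbMissingParameterError."""


@dataclass(frozen=True)
class TimeSpan:
    """Hypothetical minimal stand-in for msticpy's TimeSpan (start, end, period)."""
    start: datetime
    end: datetime

    @property
    def period(self) -> timedelta:
        return self.end - self.start


def _to_datetime(value: DateLike) -> datetime:
    """Accept a datetime or an ISO-8601 'datelike' string."""
    if isinstance(value, datetime):
        return value
    return datetime.fromisoformat(value)


def resolve_options(
    options: Optional[Iterable[str]],
    defaults: Sequence[str] = HOST_SUMMARY_DEFAULTS,
    other: Sequence[str] = (),  # HostSummary lists no "Other Options"
) -> List[str]:
    """Apply the option rules stated in the run() docs.

    None keeps the defaults. Entries prefixed with '+' are added to the
    defaults. Plain entries (an interpretation, not stated on the page)
    replace the default set. Unknown option names raise ValueError.
    """
    if options is None:
        return list(defaults)
    if isinstance(options, str):  # a lone string is a common caller mistake
        options = [options]
    options = list(options)
    additions = [opt[1:] for opt in options if opt.startswith("+")]
    plain = [opt for opt in options if not opt.startswith("+")]
    unknown = sorted(set(additions + plain) - set(defaults) - set(other))
    if unknown:
        raise ValueError(f"unknown option(s): {', '.join(unknown)}")
    resolved = plain if plain else list(defaults)
    # Deduplicate while preserving order.
    return list(dict.fromkeys(resolved + additions))


def build_run_args(
    value: str,
    timespan: Optional[TimeSpan] = None,
    options: Optional[Iterable[str]] = None,
    start: Optional[DateLike] = None,
    end: Optional[DateLike] = None,
) -> Dict[str, object]:
    """Validate run() inputs as the docs describe and return the effective
    arguments: host name, a TimeSpan (built from start/end when no timespan
    is given) and the resolved option list."""
    if not value:
        raise MissingParameterError("value (host name) is required")
    if timespan is None:
        if start is None or end is None:
            raise MissingParameterError("supply timespan, or both start and end")
        timespan = TimeSpan(_to_datetime(start), _to_datetime(end))
    if timespan.end < timespan.start:
        raise ValueError("timespan end precedes start")
    return {
        "value": value,
        "timespan": timespan,
        "options": resolve_options(options),
    }


if __name__ == "__main__":
    # Constructed sample call: host name and dates are made up.
    args = build_run_args(
        "web-srv-01",
        start="2024-01-01T00:00:00",
        end="2024-01-02T00:00:00",
        options=["heartbeat", "+alerts"],
    )
    print(args["options"], args["timespan"].period)
```

The dictionary returned by build_run_args is what you would pass as keyword arguments to the real HostSummary().run(...); the value of validating up front is that a missing host name or timespan fails before any query provider is contacted.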
Default Options
heartbeat: Query Heartbeat table for host information.
azure_net: Query AzureNetworkAnalytics table for host network topology information.
alerts: Query any alerts for the host.
bookmarks: Query any bookmarks for the host.
azure_api: Query Azure API for VM information.
Other Options
None