Notebook Common Library modules

msticnb.nblib.iptools module

IP Helper functions.

msticnb.nblib.iptools.arg_to_list(arg: Union[str, List[str]], delims=',; ') → List[str]

Convert a string, a delimited string, or a list into a list of strings.

Parameters:
  • arg (Union[str, List[str]]) – A string, delimited string or list
  • delims (str, optional) – The default delimiters to use, by default ",; "
Returns:

List of string components

Return type:

List[str]

Raises:

TypeError – If arg is not a string or list
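
An added sketch, using only the standard library and not msticnb's own code, of the input contract documented above. It then sorts the addresses into buckets, so that only public ones need to go to the external GeoIP, WhoIs and TI lookups documented below. The names split_ip_arg and triage_ips are hypothetical, and splitting on every run of delimiter characters is an assumption about behaviour.

```python
import ipaddress
import re
from typing import Dict, List, Union


def split_ip_arg(arg: Union[str, List[str]], delims: str = ",; ") -> List[str]:
    """Hypothetical stand-in that follows the documented arg_to_list contract."""
    if isinstance(arg, list):
        items = arg
    elif isinstance(arg, str):
        # Assumption: any run of delimiter characters separates two items.
        items = re.split("[" + re.escape(delims) + "]+", arg)
    else:
        raise TypeError("arg must be a string or a list of strings")
    # Drop empty fragments left by leading or trailing delimiters.
    return [item.strip() for item in items if item and item.strip()]


def triage_ips(arg: Union[str, List[str]]) -> Dict[str, List[str]]:
    """Bucket input into public, non-public and invalid values, de-duplicated."""
    buckets: Dict[str, List[str]] = {"public": [], "non_public": [], "invalid": []}
    seen = set()
    for item in split_ip_arg(arg):
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            buckets["invalid"].append(item)
            continue
        canonical = str(addr)
        if canonical in seen:
            continue
        seen.add(canonical)
        # Private, loopback and reserved ranges stay out of external lookups.
        buckets["public" if addr.is_global else "non_public"].append(canonical)
    return buckets


# Constructed sample: mixed delimiters, a duplicate, a private address, a typo.
SAMPLE = "8.8.8.8, 10.0.0.5;8.8.8.8 2001:4860:4860::8888, 300.1.1.1"

if __name__ == "__main__":
    print(triage_ips(SAMPLE))
```
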

msticnb.nblib.iptools.convert_to_ip_entities(ip_str: Optional[str] = None, data: Optional[pandas.core.frame.DataFrame] = None, ip_col: Optional[str] = None, geo_lookup: Any = None) → List[msticpy.datamodel.entities.ip_address.IpAddress]

Take an IP address string and convert it to an IP entity.

Parameters:
  • ip_str (str) – A string with a single IP Address or multiple addresses delimited by comma or space
  • data (pd.DataFrame) – Use DataFrame as input
  • ip_col (str) – Column containing IP addresses
  • geo_lookup (bool) – If true, do geolocation lookup on IPs; by default, True
Returns:

The populated IP entities including address and geo-location

Return type:

List

Raises:

ValueError – If neither ip_str nor data/column is provided as input

msticnb.nblib.iptools.get_geoip_whois(geo_lookup, data: pandas.core.frame.DataFrame, ip_col: str)

Get GeoIP and WhoIs data for IPs.

Parameters:
  • geo_lookup (GeoIpLookup) – GeoIP Provider
  • data (pd.DataFrame) – Input data frame
  • ip_col (str) – Name of IP address column
Returns:

Results dataframe with GeoIP and WhoIs data

Return type:

pd.DataFrame

msticnb.nblib.iptools.get_ip_ti(ti_lookup, data: pandas.core.frame.DataFrame, ip_col: str) → pandas.core.frame.DataFrame

Look up Threat Intel for IP addresses.

Parameters:
  • ti_lookup (TILookup) – TI Lookup provider
  • data (pd.DataFrame) – Input data frame
  • ip_col (str) – Name of IP address column
Returns:

DataFrame with TI results for IPs

Return type:

pd.DataFrame

msticnb.nblib.iptools.map_ips(data: pandas.core.frame.DataFrame, ip_col: str, summary_cols: Optional[List[str]] = None, geo_lookup: Any = None) → msticpy.nbtools.foliummap.FoliumMap

Produce a map of IP locations.

Parameters:
  • data (pd.DataFrame) – Data containing the IP addresses
  • ip_col (str) – Name of IP address column
  • summary_cols (Optional[List[str]], optional) – [description], by default None
  • geo_lookup (Any) – GeoIP provider instance
Returns:

Folium map with items plotted.

Return type:

FoliumMap