Azure Blob Storage provides a simple and flexible way to store and access data of any kind. This makes it ideal for storing a range of data relating to security investigations, whether it be raw data to analyze or to store outputs and findings.
This class wraps the Azure Python SDK and integrates it with other MSTICpy features.
from msticpy.data.storage import AzureBlobStorage
See :py:mod:`azure_blob_storage<msticpy.data.storage.azure_blob_storage>` for API details.
Azure Blob Storage works on the basis of accounts, these are top level
objects under which everything sits. When initializing AzureBlobStorage
you need to provide the name of the account you wish to interact with.
You then need to authenticate with the connect
function.
Authentication uses the az_connect
feature of
MSTICpy and the authentication methods can be customized by passing them
to connect
with the auth_methods
keyword.
abs = AzureBlobStorage("MyABSAccount")
abs.connect(auth_methods=["cli"])
For more details on Azure authentication see :doc:`../getting_started/AzureAuthentication`.
Containers
returns details on all the containers within an account.
abs.containers()
name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold | metadata | |
---|---|---|---|---|---|---|---|---|---|
0 | papermill | 2020-11-06 21:53:33+00:00 | "0x8D8829E684FCAA2" | None | False | None | None | False | None |
1 | testcontainer | 2020-11-19 15:22:38+00:00 | "0x8D88C9EF3328E1F" | None | False | None | None | False | None |
See :py:mod:`containers<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.containers>` for API details.
create_container
creates a new container within the account.
abs.create_container(conatiner_name="MyNewContainer")
name | last_modified | etag | public_access | has_immutability_policy | deleted | version | has_legal_hold | |
---|---|---|---|---|---|---|---|---|
0 | MyNewContainer | 2020-11-25 16:28:54+00:00 | "0x8D8915F336764B3" | None | False | None | None | False |
See :py:mod:`create_container<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.create_container>` for API details.
blobs
returns details on all the blobs in a container, due to the container scope it is required that you pass this function
the name of the container you want to list blobs from.
blobs = abs.blobs(container_name="MyNewContainer")
display(blobs[['name', 'container', 'snapshot', 'blob_type', 'last_modified']])
name | container | snapshot | blob_type | last_modified | |
---|---|---|---|---|---|
0 | test-blob | MyNewContainer | None | BlobType.BlockBlob | 2020-11-25 17:26:44+00:00 |
See :py:mod:`blobs<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.blobs>` for API details.
upload_to_blob
writes data to a blob as specified. By default this will overwrite anything in the blob
but you can set overwrite=False
to stop an overwrite if the blob already has contents.
The function returns True if the upload was successful.
>abs.upload_to_blob(blob="Here is some test data", container_name="MyNewContainer", blob_name="test-blob")
True
See :py:mod:`upload_to_blob<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.upload_to_blob>` for API details.
get_blob
returns the contents of the specified blob.
> blob_contents = abs.get_blob(container_name="MyNewContainer", blob_name="test-blob")
> print(blob_contents)
b"Here is some test data"
See :py:mod:`get_blob<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.get_blob>` for API details.
delete_blob
deletes a blob. By default this will also delete any blob snapshots.
Returns True if blob is successfully deleted.
>abs.delete_blob(container_name="MyNewContainer", blob_name="test-blob")
True
See :py:mod:`delete_blob<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.delete_blob>` for API details.
get_sas_token
generates a SAS token for the specified blob.
By default the token generated is valid for read access for 7 days but permissions can be modified with the
permission
keyword, and validity time-frame with the start
and end
keywords.
The returned string is a full URI for the blob, with the SAS token appended.
>abs.get_sas_token(container_name="MyNewContainer", blob_name="test-blob")
"https://myabsaccount.blob.core.windows.net/MyNewContainer/test-blob?SASTOKENSTRING
See :py:mod:`get_sas_token<msticpy.data.storage.azure_blob_storage.AzureBlobStorage.get_sas_token>` for API details.