Alert Triage Notebook features (#63)

* Adding get_all_entities feature used in Alerts Notebook * pre-commit test * Fixed issue causing test failure * pre-commit restore * requirements.txt and setup.py changes to avoid version conflicts (causing sphinx to fail) updated version to 5.0 changed md_warn to orange and adds md_error as red. * Adding pkgs to conda-reqs-pip.txt Removing Python 3.7 version setting from pre-commit * Flake8 error with unknown "QuerySource" Co-authored-by: Ian Hellen <ianhelle@microsoft.com>
microsoft · May 12, 2020 · 54255f6 · 54255f6
1 parent 9a28ea1
commit 54255f6
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 5 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -11,7 +11,6 @@ repos:
     hooks:
     - id: black
       language: python
-      language_version: python3.7
 -   repo: local
     hooks:
     - id: download_tlds

diff --git a/conda/conda-reqs-pip.txt b/conda/conda-reqs-pip.txt
@@ -1,3 +1,4 @@
+azure-cli-core==2.5.0
 azure-core>=1.2.2
 azure-identity>=1.3.0
 azure-keyvault-secrets>=4.0.0
@@ -9,4 +10,5 @@ azure-mgmt-subscription>=0.2.0
 geoip2>=2.9.0
 ipwhois>=1.1.0
 Kqlmagic>=0.1.106
+msal~=1.0.0
 tldextract>=2.2.2
diff --git a/msticpy/_version.py b/msticpy/_version.py
@@ -1,2 +1,2 @@
 """Version file."""
-VERSION = "0.4.1"
+VERSION = "0.5.0"
diff --git a/msticpy/common/utility.py b/msticpy/common/utility.py
@@ -322,15 +322,29 @@ def md(string: str, styles: Union[str, Iterable[str]] = None):
 @export
 def md_warn(string: str):
     """
-    Return string as a warning - red text prefixed by "Warning".
+    Return string as a warning - orange text prefixed by "Warning".
 
     Parameters
     ----------
     string : str
         The warning message.
 
     """
-    md(f"Warning: {string}", "bold, red, large")
+    md(f"Warning: {string}", "bold, orange, large")
+
+
+@export
+def md_error(string: str):
+    """
+    Return string as an error - red text prefixed by "Error".
+
+    Parameters
+    ----------
+    string : str
+        The error message.
+
+    """
+    md(f"Error: {string}", "bold, orange, large")
 
 
 # Styles available to use in the above Markdown tools.

diff --git a/msticpy/data/query_source.py b/msticpy/data/query_source.py
@@ -66,7 +66,7 @@ def __init__(self, name: str, source: dict, defaults: dict, metadata: dict):
         self._source = source
         self.defaults = defaults
         self._global_metadata = dict(metadata) if metadata else dict()
-        self.query_store: Optional["QueryStore"] = None  # type: ignore
+        self.query_store: Optional["QueryStore"] = None  # type: ignore  # noqa: F821
 
         # consolidate source metadata - source-specifc
         # overrides global

diff --git a/msticpy/nbtools/security_base.py b/msticpy/nbtools/security_base.py
@@ -412,6 +412,38 @@ def get_entities_of_type(self, entity_type: str) -> List[Entity]:
             if p["Type"] == entity_type or class_type and isinstance(p, class_type)
         ]
 
+    def get_all_entities(self) -> pd.DataFrame:
+        """
+        Return a DataFrame of the Alert or Event entities.
+
+        Returns
+        -------
+        DataFrame
+            Pandas DataFrame of the Alert or Event entities.
+
+        """
+        entity = []
+        ent_type = []
+        for item in self.entities:
+            if "Address" in item:
+                entity.append(item["Address"])
+                ent_type.append(item["Type"])
+            elif "Url" in item:
+                entity.append(item["Url"])
+                ent_type.append(item["Type"])
+            elif "HostName" in item:
+                entity.append(item["HostName"])
+                ent_type.append(item["Type"])
+            elif "Entity" in item:
+                entity.append(item["Entity"])
+                ent_type.append(item["Type"])
+            elif item["Type"] == "account":
+                entity.append(item["Name"])
+                ent_type.append(item["Type"])
+
+        entities = pd.DataFrame({"Entity": entity, "Type": ent_type})
+        return entities
+
     def to_html(self, show_entities: bool = False) -> str:
         """Return the item as HTML string."""
         html_doc = pd.DataFrame(self._source_data).to_html()

diff --git a/requirements.txt b/requirements.txt
@@ -1,6 +1,7 @@
 adal>=1.2.2
 attrs>=18.2.0
 azure-common>=1.1.18
+azure-cli-core==2.5.0
 azure-core>=1.2.2
 azure-identity>=1.3.0
 azure-keyvault-secrets>=4.0.0
@@ -23,6 +24,7 @@ ipywidgets>=7.4.2
 keyring>=18.0.0
 Kqlmagic>=0.1.106
 matplotlib>=3.0.2
+msal~=1.0.0
 msrest>=0.6.0
 msrestazure>=0.6.0
 networkx>=2.2

diff --git a/setup.py b/setup.py
@@ -13,6 +13,7 @@
     "adal>=1.2.2",
     "attrs>=18.2.0",
     "azure-common>=1.1.18",
+    "azure-cli-core==2.5.0",
     "azure-core>=1.2.2",
     "azure-identity>=1.3.0",
     "azure-keyvault-secrets>=4.0.0",
@@ -35,6 +36,7 @@
     "keyring>=18.0.0",
     "Kqlmagic>=0.1.106",
     "matplotlib>=3.0.2",
+    "msal~=1.0.0",
     "msrest>=0.6.0",
     "msrestazure>=0.6.0",
     "networkx>=2.2",