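def test_connect_queries_dotted(self):
    """Test queries provided at connect time under a dotted container.

    Same scenario as ``test_connect_queries``, but every query is registered
    under the container ``Saved.Searches``. The provider is expected to
    expose the queries as ``data_provider.Saved.Searches.<name>`` and to
    store them under the ``Saved.Searches.`` prefix in its query store.
    """
    ut_provider = UTDataDriver()
    # Build new dicts instead of using list.copy(): that copy is shallow, so
    # writing "query_container" through it would also rewrite the entries of
    # the shared _TEST_QUERIES fixture and make other tests order-dependent.
    dotted_container_qs = [
        {**query, "query_container": "Saved.Searches"} for query in _TEST_QUERIES
    ]
    ut_provider.svc_queries = dotted_container_qs

    data_provider = QueryProvider(data_environment="LogAnalytics", driver=ut_provider)
    data_provider.connect("testuri")

    # The dotted container name must become a nested attribute path.
    self.assertTrue(hasattr(data_provider, "Saved"))
    saved_searches = data_provider.Saved.Searches
    for query_def in dotted_container_qs:
        # Only the first segment of a dotted query name is a direct attribute.
        attr = query_def["name"].split(".")[0]
        self.assertTrue(hasattr(saved_searches, attr))
        self.assertIsInstance(
            getattr(saved_searches, attr), (partial, QueryContainer)
        )

    # The stored query text must match the definition it was built from.
    q_store = data_provider.query_store
    q_src = q_store.get_query("Saved.Searches.test.query3")
    self.assertEqual(q_src.query, dotted_container_qs[2]["query"])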
def test_connect_queries_dotted(self):
    """Check that connect-time queries land under a dotted container path."""
    query_texts = {
        "test_query1": "Select * from test",
        "test_query2": "Select * from test2",
        "test.query3": "Select * from test2",
    }

    # Same scenario as the plain-container test, but the driver reports the
    # queries together with the dotted container name "Saved.Searches".
    driver = UTDataDriver()
    driver.svc_queries = (query_texts, "Saved.Searches")
    provider = QueryProvider(data_environment="LogAnalytics", driver=driver)
    provider.connect("testuri")

    # The container name is expected to appear as nested attributes.
    self.assertTrue(hasattr(provider, "Saved"))
    container = provider.Saved.Searches

    for query_name in query_texts:
        # A dotted query name is reachable through its first segment.
        first_segment = query_name.partition(".")[0]
        self.assertTrue(hasattr(container, first_segment))
        member = getattr(container, first_segment)
        self.assertTrue(isinstance(member, (partial, QueryContainer)))

    # The query store keeps the text under the full dotted path.
    stored = provider._query_store.get_query("Saved.Searches.test.query3")
    self.assertEqual(stored.query, query_texts["test.query3"])
def test_create_provider(self):
    """Connect a LocalData provider and check the queries it lists."""
    provider = QueryProvider("LocalData")
    provider.connect()
    self.assertTrue(provider.connected)

    available = provider.list_queries()
    self.assertGreaterEqual(len(available), 8)

    # Spot-check one query from each of three query families.
    expected_names = (
        "SecurityAlert.list_alerts",
        "WindowsSecurity.list_host_events",
        "Network.list_azure_network_flows_by_ip",
    )
    for expected in expected_names:
        self.assertIn(expected, available)
def test_connect_queries(self):
    """Check that queries reported by the driver at connect time are attached."""
    driver = UTDataDriver()
    driver.svc_queries = _TEST_QUERIES
    provider = QueryProvider(data_environment="LogAnalytics", driver=driver)
    provider.connect("testuri")

    # The queries should hang off a "SavedSearches" attribute of the provider.
    self.assertTrue(hasattr(provider, "SavedSearches"))
    container = provider.SavedSearches

    for query_def in _TEST_QUERIES:
        # A dotted query name is reachable through its first segment.
        first_segment = query_def["name"].partition(".")[0]
        self.assertTrue(hasattr(container, first_segment))
        member = getattr(container, first_segment)
        self.assertTrue(isinstance(member, (partial, QueryContainer)))

    # The stored text must equal the text of the third test query.
    stored = provider.query_store.get_query("SavedSearches.test.query3")
    self.assertEqual(stored.query, _TEST_QUERIES[2]["query"])
### Import Libraries

```python
import os
import pandas as pd
from msticpy.nbtools.wsconfig import WorkspaceConfig
from msticpy.data.data_providers import QueryProvider
os.environ["KQLMAGIC_LOAD_MODE"]="silent"
```

### Define Connection String

We are going to authenticate to our demo workspace with an AppKey. Therefore, there is no need for you to pass an Azure account or authenticate with your own credentials! This is a great demo environment to test your notebooks! This applies only to the demo workspace: when you connect to a workspace of your own, do not paste an app key into the notebook; load it from configuration or an environment variable so that it is not saved and shared with the notebook.

```python
connect_str = f"loganalytics://workspace='DEMO_WORKSPACE';appkey='DEMO_KEY';alias='myworkspace'"
qry_prov = QueryProvider("LogAnalytics")
qry_prov.connect(connect_str)
```

### Native Kqlmagic interface

See https://github.com/Microsoft/jupyter-Kqlmagic

```python
%kql SecurityEvent | take 1
```

### MSTICPy query interface

```python
alerts_df = qry_prov.exec_query(""" SecurityAlert | take 10 """)
print(type(alerts_df))
alerts_df.head(5)
```