msticpy.analysis.cluster_auditd module

Auditd cluster function.

msticpy.analysis.cluster_auditd.cluster_auditd_processes(audit_data: DataFrame, app: str | None = None) → DataFrame

Clusters process data into specific processes.

Parameters:

audit_data (pd.DataFrame) – The Audit data containing process creation events
app (str, optional) – The name of a specific app you wish to cluster

Returns:

Details of the clustered process

Return type:

pd.DataFrame

Read the Docs v: latest

Versions: latest; stable; v2.11.0; v2.10.0; v2.9.0; v2.7.0; v2.3.0; v2.2.0; v2.1.0; v2.0.0; v1.8.0; v1.7.5; v1.7.0; v1.6.1; v1.5.0; v1.4.0; v1.3.0; v1.2.1; v1.1.0; v1.0.0; release-msticpy-v2.0.0

Downloads

On Read the Docs: Project Home; Builds