msticpy.transform.process_tree_utils module

Process Tree Visualization.

class msticpy.transform.process_tree_utils.TemplateLine(items: List[Tuple[str, str]] = [], wrap: int = 80)

Bases: NamedTuple

Template definition for a line in text process tree.

Notes

The items attribute must be a list of tuples, where each tuple is (<display_name>, <column_name>).

Create new instance of TemplateLine(items, wrap)

count(value, /)

Return number of occurrences of value.

index(value, start=0, stop=9223372036854775807, /)

Return first index of value.

Raises ValueError if the value is not present.

items: List[Tuple[str, str]]

Alias for field number 0

wrap: int

Alias for field number 1

msticpy.transform.process_tree_utils.get_ancestors(procs: DataFrame, source, include_source=True) DataFrame

Return the ancestor processes of the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

Returns:

Ancestor processes

Return type:

pd.DataFrame

msticpy.transform.process_tree_utils.get_children(procs: DataFrame, source: str | Series, include_source: bool = True) DataFrame

Return the child processes for the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – If True, include the source process in the results, by default True

Returns:

Child processes

Return type:

pd.DataFrame

msticpy.transform.process_tree_utils.get_descendents(procs: DataFrame, source: str | Series, include_source: bool = True, max_levels: int = -1) DataFrame

Return the descendents of the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

  • max_levels (int, optional) – Maximum number of levels to descend, by default -1 (all levels)

Returns:

Descendent processes

Return type:

pd.DataFrame

msticpy.transform.process_tree_utils.get_parent(procs: DataFrame, source: str | Series) Series | None

Return the parent of the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns:

Parent Process row or None if no parent was found.

Return type:

Optional[pd.Series]

msticpy.transform.process_tree_utils.get_process(procs: DataFrame, source: str | Series) Series

Return the process event as a Series.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns:

Process row

Return type:

pd.Series

Raises:

ValueError – If unknown type is supplied as source

msticpy.transform.process_tree_utils.get_process_key(procs: DataFrame, source_index: int) str

Return the process key of the process given its source_index.

Parameters:
  • procs (pd.DataFrame) – Process events

  • source_index (int, optional) – source_index of the process record

Returns:

The process key of the process.

Return type:

str

msticpy.transform.process_tree_utils.get_root(procs: DataFrame, source: str | Series) Series

Return the root process for the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns:

Root process

Return type:

pd.Series

msticpy.transform.process_tree_utils.get_root_tree(procs: DataFrame, source: str | Series) DataFrame

Return the process tree to which the source process belongs.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns:

Process Tree

Return type:

pd.DataFrame

msticpy.transform.process_tree_utils.get_roots(procs: DataFrame) DataFrame

Return the process tree roots for the current data set.

Parameters:

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns:

Process Tree root processes

Return type:

pd.DataFrame
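
The traversal semantics of get_ancestors, get_descendents (including max_levels) and get_roots, modelled as an added standard-library example; it is not msticpy code and does not call msticpy. The proc_key/parent_key dictionary layout, the sample processes and the function names are assumptions made for illustration, and treating a process whose parent event is absent from the data as a root is a simplification.

```python
# Added illustration (not msticpy code): stdlib-only model of the documented
# traversal semantics. The proc_key -> (parent_key, cmdline) layout is assumed.
from collections import defaultdict

# Constructed sample data: an Office document spawning a shell.
PROCS = {
    "winlogon|100": (None, "winlogon.exe"),
    "explorer|200": ("winlogon|100", "explorer.exe"),
    "winword|300": ("explorer|200", "WINWORD.EXE invoice.docm"),
    "cmd|400": ("winword|300", "cmd.exe /c whoami"),
    "whoami|500": ("cmd|400", "whoami.exe"),
    "notepad|600": ("explorer|200", "notepad.exe"),
    "orphan|700": ("missing|1", "svchost.exe"),  # parent event not collected
}

def roots(procs):
    """Processes with no parent row in the data set (includes orphans)."""
    return [key for key, (parent, _) in procs.items() if parent not in procs]

def ancestors(procs, source, include_source=True):
    """Follow parent links upward; returns the chain root-first."""
    chain, seen = ([source] if include_source else []), {source}
    parent = procs[source][0]
    while parent in procs and parent not in seen:  # stop at root or on a cycle
        chain.append(parent)
        seen.add(parent)
        parent = procs[parent][0]
    return chain[::-1]

def descendants(procs, source, include_source=True, max_levels=-1):
    """Breadth-first walk of child links; max_levels=-1 means all levels."""
    children = defaultdict(list)
    for key, (parent, _) in procs.items():
        children[parent].append(key)
    found, seen = ([source] if include_source else []), {source}
    frontier, level = [source], 0
    while frontier and (max_levels < 0 or level < max_levels):
        frontier = [c for p in frontier for c in children[p] if c not in seen]
        seen.update(frontier)
        found.extend(frontier)
        level += 1
    return found

if __name__ == "__main__":
    # Triage view: how was whoami.exe launched, and what did Word spawn?
    print(" -> ".join(PROCS[k][1] for k in ancestors(PROCS, "whoami|500")))
    print(descendants(PROCS, "winword|300", include_source=False))
```
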

msticpy.transform.process_tree_utils.get_siblings(procs: DataFrame, source: str | Series, include_source: bool = True) DataFrame

Return the processes that share the parent of the source process.

Parameters:
  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

Returns:

Sibling processes.

Return type:

pd.DataFrame

msticpy.transform.process_tree_utils.get_summary_info(procs: DataFrame) Dict[str, int]

Return summary information about the process trees.

Parameters:

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns:

Summary statistics about the process trees

Return type:

Dict[str, int]

msticpy.transform.process_tree_utils.get_tree_depth(procs: DataFrame) int

Return the depth of the process tree.

Parameters:

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns:

Tree depth

Return type:

int

msticpy.transform.process_tree_utils.tree_to_text(procs: DataFrame, schema: ProcSchema | Dict[str, str] | None = None, template: List[TemplateLine] | None = None, sort_column: str = 'path', wrap_column: int = 0) str

Return text rendering of process tree.

Parameters:
  • procs (pd.DataFrame) – The process tree DataFrame.

  • schema (Optional[Union[ProcSchema, Dict[str, str]]], optional) – The schema to use for mapping the DataFrame column names, by default None

  • template (Optional[List[TemplateLine]], optional) – A manually created template to use to create the node formatting, by default None

  • sort_column (str, optional) – The column to sort the DataFrame by, by default “path”

  • wrap_column (int, optional) – Override any template-specified wrap limit, by default 0

Returns:

The formatted process tree string.

Return type:

str

Raises:

ValueError – If neither of