msticpy.vis.nbdisplay module

Module for common display functions.

msticpy.vis.nbdisplay.display_alert(alert: Mapping[str, Any] | SecurityAlert, show_entities: bool = False)

Display a Security Alert.

Parameters:
  • alert (Union[Mapping[str, Any], SecurityAlert]) – The alert to display as Mapping (e.g. pd.Series) or SecurityAlert

  • show_entities (bool, optional) – Whether to display entities (the default is False)

msticpy.vis.nbdisplay.display_logon_data(logon_event: DataFrame, alert: SecurityAlert | None = None, os_family: str | None = None)

Display logon data for one or more events as an HTML table.

Parameters:
  • logon_event (pd.DataFrame) – Dataframe containing one or more logon events

  • alert (SecurityAlert, optional) – obtain os_family from the security alert (the default is None)

  • os_family (str, optional) – explicitly specify os_family (Linux or Windows) (the default is None)

Notes

Currently supports only Windows logon events.

msticpy.vis.nbdisplay.draw_alert_entity_graph(nx_graph: networkx.Graph, font_size: int = 12, height: int = 8, width: int = 8, margin: float = 0.3, scale: int = 1)

Draw a NetworkX graph with matplotlib.

Parameters:
  • nx_graph (nx.Graph) – The NetworkX graph to draw

  • font_size (int, optional) – base font size (the default is 12)

  • height (int, optional) – Image height (the default is 8)

  • width (int, optional) – Image width (the default is 8)

  • margin (float, optional) – Image margin (the default is 0.3)

  • scale (int, optional) – Position scale (the default is 1)

Deprecated since version 0.3.2: Matplotlib version ‘draw_alert_entity_graph’ no longer supported - use ‘plot_entity_graph’

msticpy.vis.nbdisplay.exec_remaining_cells()

Execute all cells below the currently selected cell.

msticpy.vis.nbdisplay.format_alert(alert: Mapping[str, Any] | SecurityAlert, show_entities: bool = False) -> IPython.display.HTML | Tuple[IPython.display.HTML, DataFrame]

Get IPython displayable Security Alert.

Parameters:
  • alert (Union[Mapping[str, Any], SecurityAlert]) – The alert to display as Mapping (e.g. pd.Series) or SecurityAlert

  • show_entities (bool, optional) – Whether to display entities (the default is False)

Returns:

Single or tuple of displayable IPython objects

Return type:

Union[IPython.display.HTML, Tuple[IPython.display.HTML, pd.DataFrame]]

Raises:

ValueError – If the alert object is in an unknown format

msticpy.vis.nbdisplay.format_logon(logon_event: DataFrame | Series, alert: SecurityAlert | None = None, os_family: str | None = None) -> IPython.display.HTML

Return logon data for one or more events as an HTML table.

Parameters:
  • logon_event (Union[pd.DataFrame, pd.Series]) – Dataframe containing one or more logon events or Series containing a single logon event.

  • alert (SecurityAlert, optional) – obtain os_family from the security alert (the default is None)

  • os_family (str, optional) – explicitly specify os_family (Linux or Windows) (the default is None)

Returns:

HTML display object

Return type:

IPython.display.HTML