msticpy.vis.timeline module

Timeline base plot.

class msticpy.vis.timeline.PlotParams(time_column: str = 'TimeGenerated', height: int | None = None, width: int = 900, title: str = 'Events', yaxis: bool = True, range_tool: bool = True, group_by: str | None = None, legend: str | None = None, xgrid: bool = True, ygrid: bool = False, hide: bool = False, color: str = 'navy', size: int = 10, ylabel_cols: Iterable[str] = _Nothing.NOTHING, ref_event: Any | None = None, ref_time: datetime | None = None, ref_events: DataFrame | None = None, ref_col: str | None = None, ref_time_col: str | None = None, ref_times: List[Tuple[datetime, str]] | None = None, ref_label: str = 'Ref time', source_columns: List[str] = [], alert: Any | None = None, overlay_color: str | None = None, overlay_data: DataFrame | None = None, overlay_columns: Iterable[str] = _Nothing.NOTHING)

Bases: object

Plot params for time_duration.

Method generated by attrs for class PlotParams.

alert: Any
color: str
classmethod field_list() List[str]

Return field names as a list.

property fmt_title

Return formatted title.

group_by: str | None
height: int | None
hide: bool
legend: str | None
overlay_color: str | None
overlay_columns: Iterable[str]
overlay_data: DataFrame | None
range_tool: bool
ref_col: str | None
ref_event: Any | None
ref_events: DataFrame | None
ref_label: str
ref_time: datetime | None
ref_time_col: str | None
ref_times: List[Tuple[datetime, str]] | None
size: int
source_columns: List[str]
time_column: str
title: str
width: int
xgrid: bool
yaxis: bool
ygrid: bool
ylabel_cols: Iterable[str]
msticpy.vis.timeline.display_timeline(data: DataFrame | dict, time_column: str = 'TimeGenerated', source_columns: List[str] | None = None, **kwargs) bokeh.models.LayoutDOM

Display a timeline of events.

Parameters:
  • data (Union[dict, pd.DataFrame]) –

    Either dict of data sets to plot on the timeline with the following structure:

    Key (str) - Name of data set to be displayed in legend
    Value (Dict[str, Any]) - containing:
        data (pd.DataFrame) - Data to plot
        time_column (str, optional) - Name of the timestamp column
        source_columns (list[str], optional) - source columns to use
            in tooltips
        color (str, optional) - color of data points for this data
        size (int) - size of plotted event glyphs
    If any of the last values are omitted, they default to the values
    supplied as parameters to the function (see below)
    

    Or DataFrame as a single data set or grouped into individual plot series using the group_by parameter

  • time_column (str, optional) – Name of the timestamp column (the default is ‘TimeGenerated’)

  • source_columns (Optional[List[str]]) – List of default source columns to use in tooltips (the default is None)

  • title (str, optional) – Title to display (the default is None)

  • alert (SecurityAlert, optional) – Add a reference line/label using the alert time (the default is None)

  • ref_event (Any, optional) – Add a reference line/label using the alert time (the default is None)

  • ref_time (datetime, optional) – Add a reference line/label using ref_time (the default is None)

  • group_by (str) – (where data is a DataFrame) The column to group timelines on

  • size (Union[int, str]) – The size of the event glyph. If a string the size is taken as a column in the input data. If an integer, this is used as the fixed size.

  • legend (str, optional) – “left”, “right”, “inline” or “none” (the default is to show a legend when plotting multiple series and not to show one when plotting a single series)

  • yaxis (bool, optional) – Whether to show the yaxis and labels (default is False)

  • ygrid (bool, optional) – Whether to show the yaxis grid (default is False)

  • xgrid (bool, optional) – Whether to show the xaxis grid (default is True)

  • range_tool (bool, optional) – Show the the range slider tool (default is True)

  • height (int, optional) – The height of the plot figure (the default is auto-calculated height)

  • width (int, optional) – The width of the plot figure (the default is 900)

  • color (str) – Default series color (default is “navy”)

  • overlay_data (pd.DataFrame:) – A second dataframe to plot as a different series.

  • overlay_color (str) – Overlay series color (default is “green”)

  • hide (bool, optional) – If True, create but do not display the plot. By default, False.

  • ref_events (pd.DataFrame, optional) – Add references line/label using the event times in the dataframe. (the default is None)

  • ref_time_col (str, optional) – Add references line/label using the this column in ref_events for the time value (x-axis). (this defaults the value of the time_column parameter or ‘TimeGenerated’ time_column is None)

  • ref_col (str, optional) – The column name to use for the label from ref_events (the default is None)

  • ref_times (List[Tuple[datetime, str]], optional) – Add one or more reference line/label using (the default is None)

Returns:

The bokeh plot figure.

Return type:

LayoutDOM