msticpy.vis.timeline_duration module

Timeline duration plot.

class msticpy.vis.timeline_duration.PlotParams(height: int | None = None, width: int = 900, title: str | None = None, yaxis: bool = True, range_tool: bool = True, xgrid: bool = True, ygrid: bool = False, hide: bool = False, color: str = 'navy', ylabel_cols: Iterable[str] = NOTHING, ref_events: DataFrame | None = None, ref_col: str | None = None, ref_times: List[Tuple[datetime, str]] | None = None, source_columns: List = [])

Bases: object

Plot params for time_duration.

Method generated by attrs for class PlotParams.

color: str

classmethod field_list() → List[str]: Return field names as a list.

height: int | None

hide: bool

range_tool: bool

ref_col: str | None

ref_events: DataFrame | None

ref_times: List[Tuple[datetime, str]] | None

source_columns: List

title: str | None

width: int

xgrid: bool

yaxis: bool

ygrid: bool

ylabel_cols: Iterable[str]

msticpy.vis.timeline_duration.display_timeline_duration(data: DataFrame, group_by: Iterable[str] | str, time_column: str = 'TimeGenerated', end_time_column: str | None = None, **kwargs) → bokeh.models.LayoutDOM

Display a duration timeline of events grouped by one or more columns.

Parameters:

data (pd.DataFrame) – Data to plot
group_by (Union[Iterable[str], str]) – The column name or iterable of column names to group the data by.
time_column (str) – Primary time column - will be used to calculate the start time of the duration for each group. If end_time_column is not specified it will also be used to calculate the end time.
end_time_column (Optional[str]) – If supplied, it will be used to calculate the end time of the duration for each group.
title (str, optional) – Title to display (the default is None)
ylabel_cols (Optional[Iterable[str]], optional) – The subset of the group columns to use for the y-axis labels.
yaxis (bool, optional) – Whether to show the yaxis and labels
range_tool (bool, optional) – Show the the range slider tool (default is True)
source_columns (list, optional) – List of default source columns to use in tooltips (the default is None)
height (int, optional) – The height of the plot figure (the default is auto-calculated height)
width (int, optional) – The width of the plot figure (the default is 900)
color (str) – Default series color (default is “navy”)
ref_events (pd.DataFrame, optional) – Add references line/label using the event times in the dataframe. (the default is None)
ref_col (str, optional) – The column name to use for the label from ref_events (the default is None)
ref_times (List[Tuple[datetime, str]], optional) – Add one or more reference line/label using (the default is None)

Returns:

The bokeh plot figure.

Return type:

LayoutDOM