msticpy.transform.proc_tree_build_winlx module
Process Tree builder for Windows security and Linux auditd events.
- msticpy.transform.proc_tree_build_winlx.extract_process_tree(procs: DataFrame, schema: ProcSchema, debug: bool = False) -> DataFrame
Build process trees from the process events.
- Parameters:
procs (pd.DataFrame) – Process events (Windows 4688 or Linux Auditd)
schema (Union[ProcSchema, Dict[str, Any]], optional) – The column schema to use, by default None. If supplied as a dict, it must include definitions for the required fields of the ProcSchema class. If None, the schema is inferred from the input columns.
debug (bool) – If True, produces extra debugging output; by default False.
- Returns:
Process tree dataframe.
- Return type:
pd.DataFrame
See also: ProcSchema
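To show what a process-tree build over Windows 4688-style events involves, here is an added, stdlib-only illustration that is not msticpy's code: it links each creation event to its parent on the same host, resolves a reused parent PID to the newest generation, and treats processes whose parent creation was never logged as roots. The event field names and the records themselves are constructed for this example and are not a real schema.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional


@dataclass
class ProcNode:
    host: str
    pid: int
    name: str
    started: datetime
    parent: Optional["ProcNode"] = None
    children: List["ProcNode"] = field(default_factory=list)

    def path(self) -> str:
        """Ancestor chain as 'root > ... > this process'."""
        names, node = [], self
        while node is not None:
            names.append(node.name)
            node = node.parent
        return " > ".join(reversed(names))


def build_process_tree(events: List[dict]) -> List[ProcNode]:
    """Link each creation event to its parent and return the root nodes.

    The parent is the most recent process on the same host whose PID equals the
    child's ParentProcessId and that started no later than the child, so a reused
    PID resolves to the newest generation (a heuristic: 4688 alone carries no exit
    events). Processes whose parent creation was never logged become roots."""
    nodes: List[ProcNode] = []
    for ev in sorted(events, key=lambda e: e["TimeGenerated"]):
        node = ProcNode(ev["Computer"], ev["NewProcessId"], ev["NewProcessName"], ev["TimeGenerated"])
        parents = [n for n in nodes if n.host == node.host and n.pid == ev["ParentProcessId"]]
        if parents:  # nodes is in time order, so the last match is the newest generation
            node.parent = parents[-1]
            node.parent.children.append(node)
        nodes.append(node)
    return [n for n in nodes if n.parent is None]


def tree_paths(roots: List[ProcNode]) -> List[str]:
    """Flatten the tree depth-first into one 'root > ... > process' string per node."""
    out: List[str] = []
    stack = list(reversed(roots))
    while stack:
        node = stack.pop()
        out.append(node.path())
        stack.extend(reversed(node.children))
    return out


# Constructed 4688-like events (field names chosen for this example, not a real schema).
# PID 2000 is reused: cmd.exe at 09:01, then notepad.exe at 09:10, so calc.exe (09:11)
# must attach to notepad.exe. Records are deliberately out of time order.
SAMPLE_EVENTS = [
    {"TimeGenerated": datetime(2024, 1, 1, 9, 0), "Computer": "ws01", "NewProcessId": 1000, "ParentProcessId": 4, "NewProcessName": "explorer.exe"},
    {"TimeGenerated": datetime(2024, 1, 1, 9, 11), "Computer": "ws01", "NewProcessId": 4000, "ParentProcessId": 2000, "NewProcessName": "calc.exe"},
    {"TimeGenerated": datetime(2024, 1, 1, 9, 1), "Computer": "ws01", "NewProcessId": 2000, "ParentProcessId": 1000, "NewProcessName": "cmd.exe"},
    {"TimeGenerated": datetime(2024, 1, 1, 9, 2), "Computer": "ws01", "NewProcessId": 3000, "ParentProcessId": 2000, "NewProcessName": "powershell.exe"},
    {"TimeGenerated": datetime(2024, 1, 1, 9, 10), "Computer": "ws01", "NewProcessId": 2000, "ParentProcessId": 1000, "NewProcessName": "notepad.exe"},
]

if __name__ == "__main__":
    for line in tree_paths(build_process_tree(SAMPLE_EVENTS)):
        print(line)
```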