msticpy.transform.process_tree_utils module
Process Tree Visualization.
- class msticpy.transform.process_tree_utils.TemplateLine(items: List[Tuple[str, str]] = [], wrap: int = 80)
Bases: NamedTuple
Template definition for a line in text process tree.
Notes
The items attribute must be a list of tuples, where each tuple is (<display_name>, <column_name>).
Create new instance of TemplateLine(items, wrap)
- count(value, /)
Return number of occurrences of value.
- index(value, start=0, stop=9223372036854775807, /)
Return first index of value.
Raises ValueError if the value is not present.
- items: List[Tuple[str, str]]
Alias for field number 0
- wrap: int
Alias for field number 1
- msticpy.transform.process_tree_utils.get_ancestors(procs: DataFrame, source, include_source=True) → DataFrame
Return the ancestor processes of the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
include_source (bool, optional) – Include the source process in the results, by default True
- Returns:
Ancestor processes
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_children(procs: DataFrame, source: str | Series, include_source: bool = True) → DataFrame
Return the child processes for the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
include_source (bool, optional) – If True include the source process in the results, by default True
- Returns:
Child processes
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_descendents(procs: DataFrame, source: str | Series, include_source: bool = True, max_levels: int = -1) → DataFrame
Return the descendents of the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
include_source (bool, optional) – Include the source process in the results, by default True
max_levels (int, optional) – Maximum number of levels to descend, by default -1 (all levels)
- Returns:
Descendent processes
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_parent(procs: DataFrame, source: str | Series) → Series | None
Return the parent of the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
- Returns:
Parent Process row or None if no parent was found.
- Return type:
Optional[pd.Series]
- msticpy.transform.process_tree_utils.get_process(procs: DataFrame, source: str | Series) → Series
Return the process event as a Series.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
- Returns:
Process row
- Return type:
pd.Series
- Raises:
ValueError – If unknown type is supplied as source
- msticpy.transform.process_tree_utils.get_process_key(procs: DataFrame, source_index: int) → str
Return the process key of the process given its source_index.
- Parameters:
procs (pd.DataFrame) – Process events
source_index (int, optional) – source_index of the process record
- Returns:
The process key of the process.
- Return type:
str
- msticpy.transform.process_tree_utils.get_root(procs: DataFrame, source: str | Series) → Series
Return the root process for the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
- Returns:
Root process
- Return type:
pd.Series
- msticpy.transform.process_tree_utils.get_root_tree(procs: DataFrame, source: str | Series) → DataFrame
Return the process tree to which the source process belongs.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
- Returns:
Process Tree
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_roots(procs: DataFrame) → DataFrame
Return the process tree roots for the current data set.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
- Returns:
Process Tree root processes
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_siblings(procs: DataFrame, source: str | Series, include_source: bool = True) → DataFrame
Return the processes that share the parent of the source process.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
source (Union[str, pd.Series]) – source_index of process or the process row
include_source (bool, optional) – Include the source process in the results, by default True
- Returns:
Sibling processes.
- Return type:
pd.DataFrame
- msticpy.transform.process_tree_utils.get_summary_info(procs: DataFrame) → Dict[str, int]
Return summary information about the process trees.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
- Returns:
Summary statistics about the process tree
- Return type:
Dict[str, int]
- msticpy.transform.process_tree_utils.get_tree_depth(procs: DataFrame) → int
Return the depth of the process tree.
- Parameters:
procs (pd.DataFrame) – Process events (with process tree metadata)
- Returns:
Tree depth
- Return type:
int
- msticpy.transform.process_tree_utils.tree_to_text(procs: DataFrame, schema: ProcSchema | Dict[str, str] | None = None, template: List[TemplateLine] | None = None, sort_column: str = 'path', wrap_column: int = 0) → str
Return text rendering of process tree.
- Parameters:
procs (pd.DataFrame) – The process tree DataFrame.
schema (Optional[Union[ProcSchema, Dict[str, str]]], optional) – The schema to use for mapping the DataFrame column names, by default None
template (Optional[List[TemplateLine]], optional) – A manually created template to use to create the node formatting, by default None
sort_column (str, optional) – The column to sort the DataFrame by, by default “path”
wrap_column (int, optional) – Override any template-specified wrap limit, by default 0
- Returns:
The formatted process tree string.
- Return type:
str
- Raises:
ValueError – If neither of
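The relation helpers documented above (ancestors, descendents with `max_levels`, siblings, root) all follow parent links between process events. The following is an added stand-in written for this page, not msticpy's code: it uses a plain dict of constructed events to show what each relation selects when triaging one suspicious process. The record layout, key names and root-first ordering are assumptions of this sketch.

```python
# Constructed sample events: key -> (parent_key, image name).
# Layout and key names are assumptions for this sketch, not msticpy's schema.
PROCS = {
    "p1": (None, "explorer.exe"),
    "p2": ("p1", "winword.exe"),
    "p3": ("p2", "cmd.exe"),
    "p4": ("p3", "powershell.exe"),
    "p5": ("p3", "whoami.exe"),
    "p6": ("p1", "chrome.exe"),
}


def ancestors(procs, source, include_source=True):
    """Follow parent links up from source; returned root-first."""
    chain = [source] if include_source else []
    seen, parent = {source}, procs[source][0]
    # Stop at a root, at a parent missing from the data, or on a loop
    # (process ID reuse can produce inconsistent parent links).
    while parent is not None and parent in procs and parent not in seen:
        chain.append(parent)
        seen.add(parent)
        parent = procs[parent][0]
    return chain[::-1]


def descendents(procs, source, include_source=True, max_levels=-1):
    """Breadth-first walk down; max_levels=-1 means no depth limit."""
    found, frontier, seen, level = [], {source}, {source}, 0
    while frontier and (max_levels < 0 or level < max_levels):
        nxt = [k for k, (p, _) in procs.items()
               if p in frontier and k not in seen]
        found.extend(nxt)
        seen.update(nxt)
        frontier, level = set(nxt), level + 1
    return ([source] if include_source else []) + found


def siblings(procs, source, include_source=True):
    """Processes sharing the parent of source."""
    parent = procs[source][0]
    return [k for k, (p, _) in procs.items()
            if p == parent and (include_source or k != source)]


def root(procs, source):
    """Top of the tree that source belongs to."""
    return ancestors(procs, source)[0]
```

For the `powershell.exe` event `p4`, the ancestor chain gives the launch path back to `explorer.exe`, and the siblings show what else `cmd.exe` started alongside it.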