msticpy.analysis.cluster_auditd module
Auditd cluster function.
- msticpy.analysis.cluster_auditd.cluster_auditd_processes(audit_data: DataFrame, app: str | None = None) -> DataFrame
Clusters process data into specific processes.
- Parameters:
audit_data (pd.DataFrame) – The Audit data containing process creation events
app (str, optional) – The name of a specific app you wish to cluster
- Returns:
Details of the clustered process
- Return type:
pd.DataFrame
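To make the idea behind this function concrete, here is an added, stdlib-only example that is not msticpy's code: it reduces a batch of auditd-style process-creation events to a short list of distinct process patterns, mirroring the `audit_data` / optional `app` signature above. The event field names (`exe`, `cmdline`, `uid`), the feature set and the grouping method are assumptions chosen for illustration; msticpy's real implementation works on a pandas DataFrame with its own features and clustering and is not reproduced here.

```python
"""Added example (not msticpy's own code): a simplified stand-in for
cluster_auditd_processes that groups auditd process-creation events by a
coarse feature key so that many near-identical executions collapse into one
row, and the rare, unusual ones stand out for review."""
from collections import defaultdict
import shlex

# Constructed sample events in an auditd-like shape (not real captures).
# Field names exe/cmdline/uid are assumptions for this example.
SAMPLE_EVENTS = [
    {"exe": "/usr/bin/curl", "cmdline": "curl -s http://example.test/a", "uid": 1000},
    {"exe": "/usr/bin/curl", "cmdline": "curl -s http://example.test/b", "uid": 1000},
    {"exe": "/usr/bin/curl", "cmdline": "curl -s http://example.test/c", "uid": 1000},
    {"exe": "/usr/sbin/sshd", "cmdline": "sshd: user [priv]", "uid": 0},
    {"exe": "/tmp/.cache/upd", "cmdline": "/tmp/.cache/upd -c 1", "uid": 1000},
    {"exe": "/bin/bash", "cmdline": "bash -c id", "uid": 1000},
    {"exe": "/bin/bash", "cmdline": "bash -c whoami", "uid": 1000},
]

# Paths treated as "system" locations; anything else is user-writable territory.
SYSTEM_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/lib/")


def process_features(event):
    """Derive a deliberately coarse feature key for one event.

    Events that differ only in argument values (URLs, file names) share a key,
    while executions from unusual paths, with a different argument count, or
    under a different privilege level land in their own group."""
    exe = event["exe"]
    try:
        tokens = shlex.split(event["cmdline"])
    except ValueError:  # unbalanced quotes in a captured command line
        tokens = event["cmdline"].split()
    return (
        exe,
        len(tokens),                      # argument count, not argument values
        exe.startswith(SYSTEM_PREFIXES),  # system path vs. user-writable path
        event["uid"] == 0,                # privileged vs. unprivileged
    )


def cluster_process_events(audit_data, app=None):
    """Group events by feature key; `app` restricts to one executable name.

    Returns one summary dict per cluster, largest cluster first."""
    if app is not None:
        audit_data = [e for e in audit_data if e["exe"].rsplit("/", 1)[-1] == app]
    clusters = defaultdict(list)
    for event in audit_data:
        clusters[process_features(event)].append(event)
    return [
        {
            "exe": key[0],
            "cmdline_tokens": key[1],
            "system_path": key[2],
            "is_root": key[3],
            "count": len(events),
            "example_cmdline": events[0]["cmdline"],
        }
        for key, events in sorted(clusters.items(), key=lambda kv: -len(kv[1]))
    ]


if __name__ == "__main__":
    for row in cluster_process_events(SAMPLE_EVENTS):
        print(f"{row['count']:>3}  {row['exe']:<20} system={row['system_path']!s:<5} "
              f"root={row['is_root']!s:<5} e.g. {row['example_cmdline']}")
```

For triage, the useful output is the tail of the list: singleton clusters whose `system_path` flag is false (an executable run from a user-writable directory) are the rows an analyst would open first, while the large clusters of routine tool invocations are summarised in one line each.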