msticpy.nbwidgets.select_alert module

Module for pre-defined widget layouts.

class msticpy.nbwidgets.select_alert.AlertSelector(*args, **kwargs)

Bases: SelectAlert

AlertSelector.

View list of alerts and select one for investigation. Optionally provide an action to call with the selected alert as a parameter (typically used to display the alert).

selected_alert

The selected alert

Type:

SecurityAlert

alert_id

The SystemAlertId of the selected alert

Type:

str

alerts

The current alert list (DataFrame)

Type:

List[SecurityAlert]

action

The callback action to execute on selection of an alert.

Type:

Callable[…, None]

.. deprecated:: 0.5.2

Superseded by SelectAlert. Will be removed in v2.0.0.

Create a new instance of AlertSelector.

Parameters:
  • alerts (pd.DataFrame) – DataFrame of alerts.

  • action (Callable[..., None], optional) – Optional function to execute for each selected alert. (the default is None)

  • columns (List[str], optional) – Override the default column names to use from alerts (the default is [‘StartTimeUtc’, ‘AlertName’, ‘CompromisedEntity’, ‘SystemAlertId’])

  • auto_display (bool, optional) – Whether to display on instantiation (the default is False)

display()

Display the interactive widgets.

property query_params

Query parameters derived from alert.

Return type:

dict(str, str) – Dictionary of parameter names

property value

Return selected alert.

class msticpy.nbwidgets.select_alert.SelectAlert(alerts: DataFrame, action: Callable[[...], Tuple | None] | None = None, columns: List[str] | None = None, auto_display: bool = False, id_col: str = 'SystemAlertId', **kwargs)

Bases: IPyDisplayMixin

Alert Selector.

View list of alerts and select one for investigation. Optionally provide an action to call with the selected alert as a parameter (typically used to display the alert).

selected_alert

The selected alert

Type:

SecurityAlert

alert_id

The SystemAlertId of the selected alert

Type:

str

alerts

The current alert list (DataFrame)

Type:

List[SecurityAlert]

action

The callback action to execute on selection of an alert.

Type:

Callable[…, Optional[Tuple[…]]]

Create a new instance of AlertSelector.

Parameters:
  • alerts (pd.DataFrame) – DataFrame of alerts.

  • action (Callable[..., Optional[Tuple]], optional) – Optional function to execute for each selected alert. If the function returns one or a tuple of displayable objects these will be displayed.

  • columns (List[str], optional) – Override the default column names to use from alerts to generate the select list item summary (the default is [‘AlertName’, ‘ProductName’])

  • time_col (str, optional) – The column in your alerts that determines when the alert was created. Default is ‘StartTimeUtc’ with a fallback to ‘TimeGenerated’.

  • id_col (str, optional) – The column in your data that determines the alert id. Default is ‘SystemAlertId’.

  • auto_display (bool, optional) – Whether to display on instantiation (the default is False)

  • default_alert (str, optional) – If you want to select a default value provide the ID.

display()

Display the interactive widgets.

property value

Return selected alert.
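
Added example (not part of the msticpy documentation): a triage callback passed as action to SelectAlert, returning a tuple of displayable objects as described for the action parameter. The sample alerts, the Severity column, and the helper names sample_alerts, triage_action and show_selector are constructed for illustration; the callback assumes the selected alert supports key lookup like a DataFrame row.

```python
import pandas as pd

# Fields shown in the detail table; "Severity" is a constructed column.
DETAIL_FIELDS = ["SystemAlertId", "StartTimeUtc", "ProductName", "Severity"]


def sample_alerts() -> pd.DataFrame:
    """Return constructed alerts (not real data) using the documented column names."""
    rows = [
        ("a-001", "2024-01-05 10:15", "Suspicious sign-in", "ExampleProduct", "host-01", "High"),
        ("a-002", "2024-01-05 11:40", "Unusual process launch", "ExampleProduct", "host-02", "Medium"),
    ]
    cols = ["SystemAlertId", "StartTimeUtc", "AlertName", "ProductName",
            "CompromisedEntity", "Severity"]
    alerts = pd.DataFrame(rows, columns=cols)
    alerts["StartTimeUtc"] = pd.to_datetime(alerts["StartTimeUtc"], utc=True)
    return alerts


def triage_action(alert):
    """Callback for SelectAlert: return a tuple of displayable objects.

    Assumption: the selected alert supports key lookup like a DataFrame row.
    """
    summary = f"{alert['AlertName']} on {alert['CompromisedEntity']} [{alert['Severity']}]"
    details = pd.DataFrame({"value": [alert[f] for f in DETAIL_FIELDS]}, index=DETAIL_FIELDS)
    return summary, details


def show_selector(alerts: pd.DataFrame):
    """Build the widget; call this from a Jupyter notebook cell."""
    # Imported here so the helpers above can be used without msticpy installed.
    from msticpy.nbwidgets.select_alert import SelectAlert

    return SelectAlert(
        alerts=alerts,
        action=triage_action,                        # runs on each selection
        columns=["AlertName", "CompromisedEntity"],  # select-list item summary
        time_col="StartTimeUtc",
        id_col="SystemAlertId",
        default_alert="a-002",                       # pre-select by alert ID
        auto_display=True,
    )
```

In a notebook, show_selector(sample_alerts()) renders the list, and the returned widget's value property gives the selected alert.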