msticpy.nbwidgets.select_alert module
Module for pre-defined widget layouts.
- class msticpy.nbwidgets.select_alert.AlertSelector(*args, **kwargs)
Bases:
SelectAlert
AlertSelector.
View list of alerts and select one for investigation. Optionally provide an action to call with the selected alert as a parameter (typically used to display the alert).
- selected_alert
The selected alert
- Type:
- alert_id
The SystemAlertId of the selected alert
- Type:
str
- alerts
The current alert list (DataFrame)
- Type:
List[SecurityAlert]
- action
The callback action to execute on selection of an alert.
- Type:
Callable[…, None]
- .. deprecated:: 0.5.2
Superseded by SelectAlert. Will be removed in v2.0.0.
Create a new instance of AlertSelector.
- Parameters:
alerts (pd.DataFrame) – DataFrame of alerts.
action (Callable[..., None], optional) – Optional function to execute for each selected alert. (the default is None)
columns (List[str], optional) – Override the default column names to use from alerts (the default is ['StartTimeUtc', 'AlertName', 'CompromisedEntity', 'SystemAlertId'])
auto_display (bool, optional) – Whether to display on instantiation (the default is False)
- display()
Display the interactive widgets.
- property query_params
Query parameters derived from alert.
- Return type:
dict(str, str) – Dictionary of parameter names
- property value
Return selected alert.
- class msticpy.nbwidgets.select_alert.SelectAlert(alerts: DataFrame, action: Callable[[...], Tuple | None] | None = None, columns: List[str] | None = None, auto_display: bool = False, id_col: str = 'SystemAlertId', **kwargs)
Bases:
IPyDisplayMixin
Alert Selector.
View list of alerts and select one for investigation. Optionally provide an action to call with the selected alert as a parameter (typically used to display the alert).
- selected_alert
The selected alert
- Type:
- alert_id
The SystemAlertId of the selected alert
- Type:
str
- alerts
The current alert list (DataFrame)
- Type:
List[SecurityAlert]
- action
The callback action to execute on selection of an alert.
- Type:
Callable[…, Optional[Tuple[…]]]
Create a new instance of AlertSelector.
- Parameters:
alerts (pd.DataFrame) – DataFrame of alerts.
action (Callable[..., Optional[Tuple]], optional) – Optional function to execute for each selected alert. If the function returns one or a tuple of displayable objects these will be displayed.
columns (List[str], optional) – Override the default column names to use from alerts to generate the select list item summary (the default is ['AlertName', 'ProductName'])
time_col (str, optional) – The column in your alerts that determines when the alert was created. Default is 'StartTimeUtc' with a fallback to 'TimeGenerated'.
id_col (str, optional) – The column in your data that determines the alert ID. Default is 'SystemAlertId'.
auto_display (bool, optional) – Whether to display on instantiation (the default is False)
default_alert (str, optional) – If you want to select a default value provide the ID.
- display()
Display the interactive widgets.
- property value
Return selected alert.
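The following added example (not msticpy's own code) prepares an alert DataFrame for SelectAlert and supplies an action that returns a tuple of displayable objects, as described for the action parameter above. The sample alerts are constructed, the helper names are hypothetical, and the callback assumes the selected alert arrives as a row-like object supporting .get(), which this page does not specify.

```python
import json
import pandas as pd

# Constructed sample alerts (not real data); one duplicate ID and one missing ID.
SAMPLE_ALERTS = pd.DataFrame({
    "SystemAlertId": ["a-001", "a-002", "a-002", None],
    "AlertName": ["Suspicious logon", "Rare process", "Rare process", "Orphan row"],
    "ProductName": ["Sentinel", "MDE", "MDE", "MDE"],
    "TimeGenerated": pd.to_datetime(["2024-01-01 10:00"] * 4),
    "Entities": ['[{"Type": "host", "HostName": "ws01"}]',
                 '[{"Type": "process", "Name": "x.exe"}]',
                 '[{"Type": "process", "Name": "x.exe"}]', "[]"],
    "ExtendedProperties": ["{}"] * 4,
})

def prepare_alerts(alerts, id_col="SystemAlertId"):
    """Drop rows the selector cannot address: missing or duplicated alert IDs."""
    clean = alerts.dropna(subset=[id_col]).drop_duplicates(subset=[id_col])
    return clean.reset_index(drop=True)

def pick_time_col(alerts, preferred="StartTimeUtc", fallback="TimeGenerated"):
    """Make the documented time_col fallback explicit in the notebook."""
    return preferred if preferred in alerts.columns else fallback

def alert_summary(alert):
    """Action callback: return (header table, entity table) for display.

    Assumption: `alert` is row-like and supports .get(); Entities may be
    a JSON string or an already decoded list.
    """
    raw = alert.get("Entities")
    entities = json.loads(raw) if isinstance(raw, str) else (raw if isinstance(raw, list) else [])
    fields = ("SystemAlertId", "AlertName", "ProductName")
    header = pd.DataFrame([{name: alert.get(name) for name in fields}])
    return header, pd.DataFrame(entities)

def build_selector(alerts, default_id=None):
    """Create the widget (needs msticpy and a Jupyter kernel to display)."""
    # Imported here so the helpers above can be used without msticpy installed.
    from msticpy.nbwidgets.select_alert import SelectAlert
    clean = prepare_alerts(alerts)
    return SelectAlert(
        alerts=clean,
        action=alert_summary,
        columns=["AlertName", "ProductName"],
        time_col=pick_time_col(clean),
        id_col="SystemAlertId",
        default_alert=default_id,
    )
```

In a notebook, call build_selector(SAMPLE_ALERTS).display() and read the chosen row back from the value property.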