msticpy.vis.entity_graph_tools module
Creates an entity graph for a Microsoft Sentinel Incident.
- class msticpy.vis.entity_graph_tools.EntityGraph(entity: Incident | Alert | DataFrame | Series | Entity | SecurityAlert)
Bases:
object
Create a graph for visualizing and tracking links between entities.
Create a new instance of the entity graph.
- Parameters:
entity (Union[Incident, Alert, pd.DataFrame, pd.Series, Entity, SecurityAlert]) – The initial item to add to the graph. Can be an Incident, Alert, SecurityAlert or other Entity.
- add_entity(ent: Entity, attached_to: str | None = None)
Add an entity to the graph.
- Parameters:
ent (Entity) – The entity object to add to the graph
attached_to (str, optional) – The name of the node to attach the entity to, by default None
- add_incident(incident: Incident | Alert | DataFrame)
Add another incident or set of incidents to the graph.
- add_link(source: str, target: str)
Add a link between 2 nodes on the graph.
- Parameters:
source (str) – Name of node to link from
target (str) – Name of node to link to
- Raises:
MsticpyUserError – If nodes aren’t present in the graph
- add_note(name: str, description: str | None = None, attached_to: str | List | None = None)
Add a node to the graph representing a note or comment.
- Parameters:
name (str) – The name of the node to add
description (Optional[str], optional) – A description of the note, by default None
attached_to (Union[str, List], optional) – The existing node or nodes on the graph to attach the note to, by default None
user (str, optional) – What user to associate the note with
- property graph: networkx.Graph
Return the raw NetworkX graph.
- plot(hide: bool = False, timeline: bool = False, **kwargs) → bokeh.models.LayoutDOM
Plot a graph of entities.
- Parameters:
hide (bool, optional) – Set to True to not display the graphic, by default False
timeline (bool, optional) – Set to True to display a timeline, by default False
node_size (int, optional) – Size of the nodes in pixels, by default 25
font_size (int, optional) – Font size for node labels, by default 10. Can be an integer (point size) or a string (e.g. “10pt”)
width (int, optional) – Width in pixels, by default 800
height (int, optional) – Image height (the default is 800)
scale (int, optional) – Position scale (the default is 2)
- Returns:
A Bokeh figure object
- Return type:
LayoutDOM
- remove_link(source: str, target: str)
Remove a link between 2 nodes on the graph.
- Parameters:
source (str) – Name of node to remove link from
target (str) – Name of node to remove link to
- Raises:
MsticpyUserError – If edge isn’t present in the graph
- remove_node(name: str)
Remove a node from the graph.
- Parameters:
name (str) – The name of the node to remove.
- msticpy.vis.entity_graph_tools.plot_entitygraph(entity_graph: networkx.Graph, node_size: int = 25, font_size: int | str = 10, height: int = 800, width: int = 800, scale: int = 2, hide: bool = False) → figure
Plot entity graph with Bokeh.
- Parameters:
entity_graph (nx.Graph) – The entity graph as a networkX graph
node_size (int, optional) – Size of the nodes in pixels, by default 25
font_size (int, optional) – Font size for node labels, by default 10. Can be an integer (point size) or a string (e.g. “10pt”)
width (int, optional) – Width in pixels, by default 800
height (int, optional) – Image height (the default is 800)
scale (int, optional) – Position scale (the default is 2)
hide (bool, optional) – Don’t show the plot, by default False. If True, just return the figure.
- Returns:
The network plot.
- Return type:
bokeh.plotting.figure