msticpy.analysis.cluster_auditd module
Auditd cluster function.
- msticpy.analysis.cluster_auditd.cluster_auditd_processes(audit_data: DataFrame, app: Optional[str] = None) -> DataFrame
  Clusters process data into specific processes.
  - Parameters
    - audit_data (pd.DataFrame) – The auditd data containing process creation events
    - app (str, optional) – The name of a specific app you wish to cluster
  - Returns
    - Details of the clustered processes
  - Return type
    - pd.DataFrame