msticpy.transform.process_tree_utils module

Process Tree Visualization.

msticpy.transform.process_tree_utils.get_ancestors(procs: DataFrame, source, include_source=True) DataFrame

Return the ancestor processes of the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

Returns

Ancestor processes

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_children(procs: DataFrame, source: Union[str, Series], include_source: bool = True) DataFrame

Return the child processes for the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – If True include the source process in the results, by default True

Returns

Child processes

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_descendents(procs: DataFrame, source: Union[str, Series], include_source: bool = True, max_levels: int = -1) DataFrame

Return the descendents of the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

  • max_levels (int, optional) – Maximum number of levels to descend, by default -1 (all levels)

Returns

Descendent processes

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_parent(procs: DataFrame, source: Union[str, Series]) Optional[Series]

Return the parent of the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns

Parent Process row or None if no parent was found.

Return type

Optional[pd.Series]

msticpy.transform.process_tree_utils.get_process(procs: DataFrame, source: Union[str, Series]) Series

Return the process event as a Series.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns

Process row

Return type

pd.Series

Raises

ValueError – If unknown type is supplied as source

msticpy.transform.process_tree_utils.get_process_key(procs: DataFrame, source_index: int) str

Return the process key of the process given its source_index.

Parameters

  • procs (pd.DataFrame) – Process events

  • source_index (int, optional) – source_index of the process record

Returns

The process key of the process.

Return type

str

msticpy.transform.process_tree_utils.get_root(procs: DataFrame, source: Union[str, Series]) Series

Return the root process for the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns

Root process

Return type

pd.Series

msticpy.transform.process_tree_utils.get_root_tree(procs: DataFrame, source: Union[str, Series]) DataFrame

Return the process tree to which the source process belongs.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

Returns

Process Tree

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_roots(procs: DataFrame) DataFrame

Return the process tree roots for the current data set.

Parameters

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns

Process Tree root processes

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_siblings(procs: DataFrame, source: Union[str, Series], include_source: bool = True) DataFrame

Return the processes that share the parent of the source process.

Parameters

  • procs (pd.DataFrame) – Process events (with process tree metadata)

  • source (Union[str, pd.Series]) – source_index of process or the process row

  • include_source (bool, optional) – Include the source process in the results, by default True

Returns

Sibling processes.

Return type

pd.DataFrame

msticpy.transform.process_tree_utils.get_summary_info(procs: DataFrame) Dict[str, int]

Return summary information about the process trees.

Parameters

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns

Summary statistic about the process tree

Return type

Dict[str, int]

msticpy.transform.process_tree_utils.get_tree_depth(procs: DataFrame) int

Return the depth of the process tree.

Parameters

procs (pd.DataFrame) – Process events (with process tree metadata)

Returns

Tree depth

Return type

int