msticpy.vis.nbdisplay module

Module for common display functions.

msticpy.vis.nbdisplay.display_alert(alert: Union[Mapping[str, Any], SecurityAlert], show_entities: bool = False)

Display a Security Alert.

Parameters
  • alert (Union[Mapping[str, Any], SecurityAlert]) – The alert to display as Mapping (e.g. pd.Series) or SecurityAlert

  • show_entities (bool, optional) – Whether to display entities (the default is False)

msticpy.vis.nbdisplay.display_logon_data(logon_event: DataFrame, alert: Optional[SecurityAlert] = None, os_family: Optional[str] = None)

Display logon data for one or more events as HTML table.

Parameters
  • logon_event (pd.DataFrame) – Dataframe containing one or more logon events

  • alert (SecurityAlert, optional) – obtain os_family from the security alert (the default is None)

  • os_family (str, optional) – explicitly specify os_family (Linux or Windows) (the default is None)

Notes

Currently supports only Windows logon events.

msticpy.vis.nbdisplay.draw_alert_entity_graph(nx_graph: networkx.Graph, font_size: int = 12, height: int = 8, width: int = 8, margin: float = 0.3, scale: int = 1)

Draw a NetworkX graph with matplotlib.

Parameters
  • nx_graph (nx.Graph) – The NetworkX graph to draw

  • font_size (int, optional) – base font size (the default is 12)

  • height (int, optional) – Image height (the default is 8)

  • width (int, optional) – Image width (the default is 8)

  • margin (float, optional) – Image margin (the default is 0.3)

  • scale (int, optional) – Position scale (the default is 1)

Deprecated since version 0.3.2: Matplotlib version ‘draw_alert_entity_graph’ no longer supported - use ‘plot_entity_graph’

msticpy.vis.nbdisplay.exec_remaining_cells()

Execute all cells below currently selected cell.

msticpy.vis.nbdisplay.format_alert(alert: Union[Mapping[str, Any], SecurityAlert], show_entities: bool = False) → Union[IPython.display.HTML, Tuple[IPython.display.HTML, DataFrame]]

Get IPython displayable Security Alert.

Parameters
  • alert (Union[Mapping[str, Any], SecurityAlert]) – The alert to display as Mapping (e.g. pd.Series) or SecurityAlert

  • show_entities (bool, optional) – Whether to display entities (the default is False)

Returns

Single or tuple of displayable IPython objects

Return type

Union[IPython.display.HTML, Tuple[IPython.display.HTML, pd.DataFrame]]

Raises

ValueError – If the alert object is in an unknown format

msticpy.vis.nbdisplay.format_logon(logon_event: Union[DataFrame, Series], alert: Optional[SecurityAlert] = None, os_family: Optional[str] = None) → IPython.display.HTML

Return logon data for one or more events as HTML table.

Parameters
  • logon_event (Union[pd.DataFrame, pd.Series]) – Dataframe containing one or more logon events or Series containing a single logon event.

  • alert (SecurityAlert, optional) – obtain os_family from the security alert (the default is None)

  • os_family (str, optional) – explicitly specify os_family (Linux or Windows) (the default is None)

Returns

HTML display object

Return type

IPython.display.HTML