Notebooklet Class - LogonSessionsRarity
Calculates the relative rarity of logon sessions.
It clusters the data based on process, command line and account.
Then calculates the rarity of the process pattern.
Then returns a result containing a summary of the logon sessions by rarity.
To see the methods available for the class and result class, run
cls.list_methods()
Default Options
None
Other Options
None
Display Sections
Calculate process rarity statistics for logon sessions
This first transforms the input data into features suitable for a clustering algorithm. It then clusters the data based on process, command line and account and calculates the rarity of the process pattern. It returns a result containing a summary of the logon sessions along with full results of the clustering. Methods available to view this data graphically include:
- list_sessions_by_rarity - table of sessions ordered by degree of rarity
- plot_sessions_by_rarity - timeline plot of processes grouped by account and showing relative rarity of each process
- process_tree - a process tree of all processes or processes belonging to a single account
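The cluster-then-score flow described above, as an added illustration that is not msticnb's own code. It swaps the notebooklet's clustering algorithm for exact grouping on a normalized (account, process, command line) key and assumes rarity = 1 / cluster size; `pattern`, `session_rarity` and the event tuples are hypothetical names with constructed data.

```python
import re
from collections import Counter, defaultdict

# Constructed sample process events: (logon_id, account, process, command line)
EVENTS = [
    ("0x1001", "svc_backup", "robocopy.exe", r"robocopy.exe D:\data \\nas\bk01 /mir"),
    ("0x1001", "svc_backup", "robocopy.exe", r"robocopy.exe D:\data \\nas\bk02 /mir"),
    ("0x1002", "svc_backup", "robocopy.exe", r"robocopy.exe D:\data \\nas\bk03 /mir"),
    ("0x1002", "svc_backup", "robocopy.exe", r"robocopy.exe D:\data \\nas\bk04 /mir"),
    ("0x2001", "alice", "notepad.exe", "notepad.exe report1.txt"),
    ("0x2001", "alice", "whoami.exe", "whoami.exe /all"),
    ("0x2001", "alice", "net.exe", "net.exe localgroup administrators"),
    ("0x2002", "alice", "notepad.exe", "notepad.exe report2.txt"),
]


def pattern(account, process, cmdline):
    """Cluster key: account, process and command line with digit runs masked,
    so invocations that differ only in a counter or id fall in one cluster."""
    masked = re.sub(r"\d+", "#", cmdline.lower())
    return (account.lower(), process.lower(), masked)


def session_rarity(events):
    """Return [(logon_id, mean_rarity, process_count)], rarest session first."""
    # Cluster size = number of events sharing the same pattern.
    sizes = Counter(pattern(a, p, c) for _, a, p, c in events)
    per_session = defaultdict(list)
    for logon_id, a, p, c in events:
        # Assumed scoring: an event's rarity is 1 / size of its cluster.
        per_session[logon_id].append(1.0 / sizes[pattern(a, p, c)])
    # Average the per-process rarity over each logon session.
    rows = [(sid, sum(v) / len(v), len(v)) for sid, v in per_session.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for logon_id, rarity, count in session_rarity(EVENTS):
        print(f"{logon_id}  rarity={rarity:.2f}  processes={count}")
```

The session that mixes one routine process with two one-off commands sorts to the top, while the repetitive service-account sessions sink to the bottom, which is the ordering an analyst uses to decide which logon sessions to review first.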
Results Class
LogonSessionsRarityResult
Logon Sessions rarity.
Attributes
- process_clusters : pd.DataFrame
Process clusters based on account, process, commandline and showing an example process from each cluster.
- processes_with_cluster : pd.DataFrame
Merged data with rarity value assigned to each process event.
- session_rarity : pd.DataFrame
List of sessions with averaged process rarity.
Methods
Instance Methods
__init__
browse_events
list_sessions_by_rarity
plot_sessions_by_rarity
process_tree
run
Inherited methods
check_table_exists
check_valid_result_data
get_methods
get_pivot_run
get_provider
list_methods
run_nb_func
run_nb_funcs
Other Methods
add_nb_function
all_options
default_options
description
entity_types
get_help
get_settings
import_cell
keywords
list_options
match_terms
search_terms
.name
print_options
result
result [property] Return result of the most recent notebooklet run.
show_help
silent
silent [property] Get the current instance setting for silent running.
run
function documentation
Calculate Logon sessions ordered by process rarity summary.
Parameters
- value : str
Not used
- data : Optional[pd.DataFrame], optional
Process event data.
- timespan : TimeSpan
Not used
- options : Optional[Iterable[str]], optional
List of options to use, by default None. A value of None means use default options. Options prefixed with “+” will be added to the default options. To see the list of available options type help(cls) where “cls” is the notebooklet class or an instance of this class.
Returns
- LogonSessionsRarityResult
LogonSessionsRarityResult.
Raises
- MsticnbMissingParameterError
If required parameters are missing
Default Options
None
Other Options
None