Notebooklet Class - URLSummary
URLSummary Notebooklet class.
Queries and displays information about a URL including:
Domain and IP Whois Information
Threat Intelligence Results
TLS Certificates used the Domain
Data about where URL appears in the environment.
Default Options
ti: Displays TI results for the URL.
whois: Display a summary of the URL.
ip_record: Display a summary of the IP address the URL resolves to.
cert: Display a summary of TLS certs used by the URL.
alerts: Displays a DataFrame of all alerts associated with the URL.
bookmarks: Displays a DataFrame of all bookmarks associated with the URL.
dns: Displays a DataFrame of all DNS events associated with the URL.
hosts: Displays a DataFrame of all hosts associated with the URL.
Other Options
screenshot: Capture and display a screenshot of the URL.
Display Sections
URL Summary
This shows an overview of the URL in question including a large number of contextual items. It will show overview of WhoIs information related to the URL, Threat Intelligence provider results for the URL, and details of TLS certificates associated with the URL. In addition this section will show a selection of data from an environment where the URL is present including DNS lookup events, alerts and bookmarks referencing the URL, and network traffic to the URL.
Results Class
URLSummaryResult
URL Details Results.
Attributes
- summary : msticpy.datamodel.entities.HostA summary of the URL provided.
- domain_record : pd.DataFrameWhoIs data related to the domain.
- cert_details: pd.DataFrameDetails of TLS certificates used (if any).
- ip_record: pd.DataFrameDetails of the IP Address associated with the URL.
- related_alerts: pd.DataFrameAny alerts referencing the URL.
- bookmarks: pd.DataFrameAny bookmarks referencing the URL.
- hosts: ListA list of host names seen communicating with the URL.
- flows: pd.DataFrameDetails of network flows associated with the URL.
- flow_graph: LayoutDOMA timeline plot showing network traffic volumes to the URL.
Methods
Instance Methods
__init__
browse_alerts
run
display_alert_timeline
Inherited methods
check_table_exists
check_valid_result_data
attrib
contains data.get_methods
get_pivot_run
get_provider
list_methods
run_nb_func
run_nb_funcs
Other Methods
add_nb_function
all_options
default_options
description
entity_types
get_help
get_settings
import_cell
keywords
list_options
match_terms
search_terms
.name
print_options
result
result [property] Return result of the most recent notebooklet run.
show_help
silent
silent [property] Get the current instance setting for silent running.
<hr>
run
function documentation
Return URL summary data.
Parameters
- valuestr
The URL
- dataOptional[pd.DataFrame], optional
Not used, by default None
- timespanTimeSpan
Timespan over which operations such as queries will be performed, by default None. This can be a TimeStamp object or another object that has valid start, end, or period attributes.
- optionsOptional[Iterable[str]], optional
List of options to use, by default None A value of None means use default options. Options prefixed with “+” will be added to the default options. To see the list of available options type help(cls) where “cls” is the notebooklet class or an instance of this class.
Other Parameters
- startUnion[datetime, datelike-string]
Alternative to specifying timespan parameter.
- endUnion[datetime, datelike-string]
Alternative to specifying timespan parameter.
Returns
- HostSummaryResult
Result object with attributes for each result type.
Raises
- MsticnbMissingParameterError
If required parameters are missing
Default Options
ti: Displays TI results for the URL
whois: Display a summary of the URL
ip_record: Display a summary of the IP address the URL resolves to
cert: Display a summary of TLS certs used by the URL.
alerts: Displays a DataFrame of all alerts associated with the URL
bookmarks: Displays a DataFrame of all bookmarks associated with the URL
dns: Displays a DataFrame of all DNS events associated with the URL
hosts: Displays a DataFrame of all hosts associated with the URL
Other Options
None