Notebooklet Class - HostNetworkSummary¶
Host Network Summary Notebooklet class.
Queries and displays information about network connections by a host including:
- Summary of network connections
- Visualizations of network events
- Geolocation of remote IP addresses
- Threat Intelligence enrichment of remote IP addresses
Display Sections¶
Results Class¶
HostNetworkSummaryResult¶
Host Network Summary Results.
Attributes¶
- flows: pd.DataFrame
  A DataFrame summarizing all network flows to and from a host.
- flow_matrix: LayoutDOM
  A plot of network traffic volumes from the host.
- flow_whois: pd.DataFrame
  Network flow data to and from the host enriched with WhoIs information about the IP address.
- flow_map: FoliumMap
  A map showing the location of all remote IP addresses communicating with the host.
- flow_ti: pd.DataFrame
  Network flow data to and from the host enriched with Threat Intelligence results for the IP address.
Methods¶
Instance Methods¶
__init__¶
__init__(self, data_providers:
Optional[<msticnb.data_providers.SingletonDecorator object at
0x0000023FAFA3A6A0>] = None, **kwargs)
Initialize a new instance of the notebooklet class.
run¶
run(self, value: Any = None, data:
Optional[pandas.core.frame.DataFrame] = None, timespan:
Optional[msticpy.common.timespan.TimeSpan] = None, options:
Optional[Iterable[str]] = None, **kwargs) ->
msticnb.nb.azsent.host.host_logons_summary.HostLogonsSummaryResult
Return host network data.
Inherited methods¶
check_table_exists¶
check_table_exists(self, table: str) -> bool
Check to see if the table exists in the provider.
check_valid_result_data¶
check_valid_result_data(self, attrib: str = None, silent: bool =
False) -> bool
Check that the result is valid and attrib contains data.
get_methods¶
get_methods(self) -> Dict[str, Callable[[Any], Any]]
Return methods available for this class.
get_pivot_run¶
get_pivot_run(self, get_timespan: Callable[[],
msticpy.common.timespan.TimeSpan])
Return Pivot-wrappable run function.
get_provider¶
get_provider(self, provider_name: str)
Return data provider for the specified name.
list_methods¶
list_methods(self) -> List[str]
Return list of methods with descriptions.
run_nb_func¶
run_nb_func(self, nb_func: Union[str,
msticnb.notebooklet_func.NBFunc], **kwargs)
Run the notebooklet function and return the results.
run_nb_funcs¶
run_nb_funcs(self)
Run all notebooklet functions defined for the notebooklet.
Other Methods¶
add_nb_function¶
add_nb_function(nb_func: Union[str, msticnb.notebooklet_func.NBFunc],
**kwargs)
Add a notebooklet function to the class.
all_options¶
all_options() -> List[str]
Return supported options for Notebooklet run function.
default_options¶
default_options() -> List[str]
Return default options for Notebooklet run function.
description¶
description() -> str
Return description of the Notebooklet.
entity_types¶
entity_types() -> List[str]
Entity types supported by the notebooklet.
get_help¶
get_help(fmt='html') -> str
Return HTML document for class.
get_settings¶
get_settings(print_settings=True) -> Optional[str]
Print or return metadata for class.
import_cell¶
import_cell()
Import the text of this module into a new cell.
keywords¶
keywords() -> List[str]
Return search keywords for Notebooklet.
list_options¶
list_options() -> str
Return options document for Notebooklet run function.
match_terms¶
match_terms(search_terms: str) -> Tuple[bool, int]
Search class definition for search_terms.
name¶
name() -> str
Return name of the Notebooklet.
print_options¶
print_options()
Print options for Notebooklet run function.
result¶
result [property] Return result of the most recent notebooklet run.
show_help¶
show_help()
Display Documentation for class.
run function documentation¶
Return host network data.
Parameters¶
- value : str
  Host name
- data : Optional[pd.DataFrame], optional
  Optionally pass raw data to use for analysis, by default None
- timespan : TimeSpan
  Timespan over which operations such as queries will be performed, by default None. This can be a TimeStamp object or another object that has valid start, end, or period attributes. Alternatively you can pass start and end datetime objects.
- options : Optional[Iterable[str]], optional
  List of options to use, by default None. A value of None means use default options.
Returns¶
- HostNetworkSummaryResults
  Result object with attributes for each result type.
Raises¶
- MsticnbMissingParameterError
  If required parameters are missing
- MsticnbDataProviderError
  If data is not available
Default Options¶
- map: Display a map of remote IP addresses communicating with the host.
- ti: Enrich network flow data with Threat Intelligence.
- whois: Enrich network flow data with WhoIs information.
Other Options¶
None