Notebooklet Class - LogonSessionsRarity
Calculates the relative rarity of logon sessions.
It clusters the data based on process, command line and account.
Then calculates the rarity of the process pattern.
Then returns a result containing a summary of the logon sessions by rarity.
To see the methods available for the class and result class, run
cls.list_methods()
Default Options
None
Other Options
None
Display Sections
Calculate process rarity statistics for logon sessions
This first transforms the input data into features suitable for a clustering algorithm. It then clusters the data based on process, command line and account and calculates the rarity of the process pattern. It returns a result containing a summary of the logon sessions along with full results of the clustering. Methods available to view this data graphically include:
- list_sessions_by_rarity - table of sessions ordered by degree of rarity
- plot_sessions_by_rarity - timeline plot of processes grouped by account and showing relative rarity of each process.
- process_tree - a process tree of all processes or processes belonging to a single account.
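A simplified sketch of the scoring idea described above, added here as an example and not msticnb's own code. It assumes exact grouping on account, process name and a digit-masked command line in place of the clustering step, rarity defined as 1 / cluster size, and constructed sample events; all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample events: (account, logon_id, process path, command line)
EVENTS = [
    ("alice", "0x1001", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ("alice", "0x1001", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ("alice", "0x1001", r"C:\Windows\notepad.exe", "notepad.exe report1.txt"),
    ("alice", "0x1001", r"C:\Windows\notepad.exe", "notepad.exe report2.txt"),
    ("alice", "0x2002", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ("alice", "0x2002", r"C:\Windows\notepad.exe", "notepad.exe report3.txt"),
    ("svc_web", "0x3003", r"C:\Windows\System32\inetsrv\w3wp.exe", "w3wp.exe -ap DefaultAppPool"),
    ("svc_web", "0x3003", r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami"),
    ("svc_web", "0x4004", r"C:\Windows\System32\inetsrv\w3wp.exe", "w3wp.exe -ap DefaultAppPool"),
]

def pattern(event):
    """Grouping key (assumption): account, process name, masked command line."""
    account, _logon_id, path, cmdline = event
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Mask hex and decimal values so near-identical commands fall together.
    masked = re.sub(r"0x[0-9a-f]+|\d+", "#", cmdline.lower())
    return account.lower(), name, masked

def score_events(events):
    """Give every process event its cluster size and rarity = 1 / cluster size."""
    sizes = Counter(pattern(e) for e in events)
    return [
        {"account": e[0], "logon_id": e[1], "cmdline": e[3],
         "cluster_size": sizes[pattern(e)], "rarity": 1 / sizes[pattern(e)]}
        for e in events
    ]

def session_rarity(events):
    """Average process rarity per (account, logon_id), rarest session first."""
    sessions = defaultdict(list)
    for row in score_events(events):
        sessions[(row["account"], row["logon_id"])].append(row["rarity"])
    rows = [
        {"account": acct, "logon_id": lid, "process_count": len(vals),
         "mean_rarity": round(mean(vals), 3)}
        for (acct, lid), vals in sessions.items()
    ]
    return sorted(rows, key=lambda r: r["mean_rarity"], reverse=True)

if __name__ == "__main__":
    for row in session_rarity(EVENTS):
        print(row)
```

A session made up of a few unusual process patterns scores higher than a long session of routine ones, so very short sessions can rank high on little evidence; read `process_count` alongside the mean.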
Results Class
LogonSessionsRarityResult
Logon Sessions rarity.
Attributes
- process_clusters : pd.DataFrame
- Process clusters based on account, process and command line, showing an example process from each cluster.
- processes_with_cluster : pd.DataFrame
- Merged data with rarity value assigned to each process event.
- session_rarity : pd.DataFrame
- List of sessions with averaged process rarity.
Methods
Instance Methods
__init__
browse_events
list_sessions_by_rarity
plot_sessions_by_rarity
process_tree
run
Inherited methods
check_table_exists
check_valid_result_data
attrib contains data.
get_methods
get_pivot_run
get_provider
list_methods
run_nb_func
run_nb_funcs
Other Methods
add_nb_function
all_options
default_options
description
entity_types
get_help
get_settings
import_cell
keywords
list_options
match_terms
search_terms.
name
print_options
result
result [property] Return result of the most recent notebooklet run.
show_help
run function documentation
Calculate Logon sessions ordered by process rarity summary.
Parameters
- value : str
- Not used
- data : Optional[pd.DataFrame], optional
- Process event data.
- timespan : TimeSpan
- Not used
- options : Optional[Iterable[str]], optional
- List of options to use, by default None. A value of None means use default options. Options prefixed with “+” will be added to the default options. To see the list of available options type help(cls) where “cls” is the notebooklet class or an instance of this class.
Returns
- LogonSessionsRarityResult
- LogonSessionsRarityResult.
Raises
- MsticnbMissingParameterError
- If required parameters are missing
Default Options
None
Other Options
None