PyMISP/examples/situational-awareness
Déborah Servili eb427e89c9 update examples/situational-awareness/README.md 2016-08-30 10:42:34 +02:00
README.md update examples/situational-awareness/README.md 2016-08-30 10:42:34 +02:00
attribute_treemap.py Initial refactoring, PEP8 and cleanup 2016-07-26 16:35:46 +02:00
style.css Initial refactoring, PEP8 and cleanup 2016-07-26 16:35:46 +02:00
tag_search.py Fix fetching method for tag_search and tags_count 2016-07-29 13:25:36 +02:00
tags_count.py Fix fetching method for tag_search and tags_count 2016-07-29 13:25:36 +02:00
test_attribute_treemap.html Initial refactoring, PEP8 and cleanup 2016-07-26 16:35:46 +02:00
tools.py Major refactoring of the SVG generator 2016-07-27 14:48:13 +02:00

README.md

Explanation

  • treemap.py is a script that generates an interactive SVG (attribute_treemap.svg) containing a treemap of the distribution of attributes in a sample (data) fetched from the instance using the "last" or "searchall" examples.

  • It also generates an HTML document with a table (attribute_table.html) containing the count for each type of attribute.

  • test_attribute_treemap.html is a quick page made to visualize both treemap and table at the same time.

  • tags_count.py is a script that counts the number of occurrences of every tag in a fetched sample of Events over a given period of time.

  • tag_search.py is a script that counts the number of occurrences of a given tag in a fetched sample of Events over a given period of time.

    • days sets the window: Events are fetched from that many days ago up to today.
    • begindate is the beginning of the studied period. If it is later than today, an error will be raised.
    • enddate is the end of the studied period. If it is earlier than begindate, an error will be raised.
    • tag_search.py can search for multiple tags at once by separating each tag with the | symbol.
    • Partial search is also possible with tag_search.py. For instance, a search for "ransom" will also return tags containing "ransomware".
  • tags_to_graphs.py is a script that will generate several plots to visualise tags distribution.

    • The studied period can be the last 7, 28 or 360 days.
    • accuracy splits the data into smaller intervals than the default values.
    • order defines the accuracy of the curve fitting. The default value is 3.
    • It will generate three plots:
      • Raw data: in the plot folder, named after the corresponding taxonomy.
      • Trend: in the plot folder, named taxonomy_trend. Shows the general evolution of the data (linear fitting, i.e. curve fitting at order 1).
      • Curve fitting: in the plotlib folder, named after the taxonomy it presents.

⚠️ These scripts are not time optimised
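
The period checks and the matching rules described above for tags_count.py and tag_search.py, as an added example that is not taken from the PyMISP scripts. The event list, the TODAY value, the function names, the 7-day default and case-sensitive matching are assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample standing in for events fetched from a MISP instance.
TODAY = date(2016, 8, 30)
SAMPLE_EVENTS = [
    {"date": date(2016, 8, 29), "tags": ["tlp:white", 'ecsirt:malicious-code="ransomware"']},
    {"date": date(2016, 8, 28), "tags": ["tlp:white"]},
    {"date": date(2016, 8, 25), "tags": ["tlp:green", "example:ransomware-family"]},
    {"date": date(2016, 8, 10), "tags": ["tlp:white", 'ecsirt:malicious-code="ransomware"']},
]


def study_period(today, days=7, begindate=None, enddate=None):
    """Resolve the studied period; days=7 is an assumed default, not the scripts'."""
    begindate = begindate or today - timedelta(days=days)
    enddate = enddate or today
    if begindate > today:
        raise ValueError("begindate is later than today")
    if enddate < begindate:
        raise ValueError("enddate is earlier than begindate")
    return begindate, enddate


def in_period(events, begin, end):
    """Keep only the events dated inside the studied period (inclusive)."""
    return [e for e in events if begin <= e["date"] <= end]


def tags_count(events, begin, end):
    """Occurrences of every tag in the period, as tags_count.py is described."""
    return Counter(tag for e in in_period(events, begin, end) for tag in e["tags"])


def tag_search(events, query, begin, end):
    """Occurrences per search term; terms are split on '|' and match as substrings."""
    terms = [t.strip() for t in query.split("|") if t.strip()]
    counts = dict.fromkeys(terms, 0)
    for tag, n in tags_count(events, begin, end).items():
        for term in terms:
            if term in tag:  # partial match; case-sensitive here (assumption)
                counts[term] += n
    return counts


if __name__ == "__main__":
    begin, end = study_period(TODAY, days=7)
    print(tag_search(SAMPLE_EVENTS, "ransom|tlp:white", begin, end))
```

Because matching is by substring, a short term such as "tlp" counts every tag in that namespace, so totals per term can overlap.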

Requirements