misp-training/complementary/jupyter-notebooks/query-misp-public.ipynb

{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Extracting data from MISP using PyMISP"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Recovering the API KEY"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"- Go to `Global Actions` then `My Profile`\n",
"- Access the `/users/view/me` URL"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {},
"outputs": [],
"source": [
"from pymisp import PyMISP\n",
"import urllib3\n",
"urllib3.disable_warnings()\n",
"\n",
"misp_url = 'https://training.misp-community.org/'\n",
"misp_key = 'YOURAPIKEY'\n",
"# Should PyMISP verify the MISP certificate\n",
"misp_verifycert = False\n",
"\n",
"misp = PyMISP(misp_url, misp_key, misp_verifycert)"
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [],
"source": [
"import datetime\n",
"from pprint import pprint\n",
"import base64\n",
"import subprocess"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Retrieving an Event"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"<MISPEvent(info=OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400))\n",
"<class 'dict'>\n",
"OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)\n"
]
}
],
"source": [
"r1 = misp.get_event('9802116c-3ec3-4a8e-8b39-5c69b08df5ab', pythonify=True)\n",
"print(r1)\n",
"r2 = misp.get_event(60, pythonify=False)\n",
"print(type(r2))\n",
"print(r2['Event']['info'])"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Searching the Event index"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"339b8437-13e8-4ae6-97dc-47cf909aa78d\n"
]
}
],
"source": [
"r = misp.search_index(pythonify=True)\n",
"print(r[1].uuid)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Only published Events"
]
},
{
"cell_type": "code",
"execution_count": 5,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[<MISPEvent(info=Targeted phishing - PDF documents / phishkit), <MISPEvent(info=Test Pull From Docker), <MISPEvent(info=OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)), <MISPEvent(info=OSINT - ConnectWise ScreenConnect attacks deliver malware)]\n"
]
}
],
"source": [
"r = misp.search_index(published=True, pythonify=True)\n",
"print(r)\n",
"# print(r[0].to_dict())"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Playing with time"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"**Multiple type of timestamps for Events**\n",
"- `timestamp`: Timestamp of the **last modification** of the Event or its content (include Attributes, Objects, Tags, ...)\n",
"- `published_timestamp`: Timestamp of the **last publication** of the Event\n",
"- To generate report, you usually want to use `publish_timestamp`\n",
"\n",
"**Multiple type of dates for Events**\n",
"- `date_from`: Only events having a more recent date will be returned\n",
"- `date_to`: Only events having an older date will be returned\n",
"- Both can be used at once to specify a time window\n"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[<MISPEvent(info=Targeted phishing - PDF documents / phishkit),\n",
" <MISPEvent(info=Test Pull From Docker),\n",
" <MISPEvent(info=OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)),\n",
" <MISPEvent(info=OSINT - ConnectWise ScreenConnect attacks deliver malware)]\n"
]
}
],
"source": [
"# Using string literal\n",
"sinceLastMonth = '30d'\n",
"# Using Python's datetime\n",
"sinceLastMonth = datetime.date.today() - datetime.timedelta(days=30)\n",
"\n",
"r = misp.search_index(published=True, publish_timestamp=sinceLastMonth, pythonify=True)\n",
"pprint(r)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Data returned\n",
"- Searching the index will only returns high-level information about the Event and its attached context\n",
"\n",
"- Can be useful for:\n",
" - Statistics about number of created Event\n",
" - Statistics about Organisation creating Event over time\n",
" - Statistics about distribution level usage\n",
"- And, **If Event correctly contextualized**\n",
" - Statistics about **type of incident**\n",
" - Adversary tactics and techniques with **MITRE ATT&CK** usage\n",
" - Malware familly"
]
},
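{
"cell_type": "markdown",
"metadata": {},
"source": [
"The two points above, reporting on `publish_timestamp` rather than `timestamp` and turning the index tags into statistics, worked through on a constructed sample of index records. This is an added example, not code from the training notebook or from PyMISP: the four records, their tag names and the frozen clock are made up for the demonstration, so it runs offline without a MISP instance.\n",
"\n",
"```python\n",
"import re\n",
"from collections import Counter\n",
"from datetime import datetime, timedelta, timezone\n",
"\n",
"# Frozen clock so the example is reproducible offline (constructed).\n",
"NOW = datetime(2024, 4, 20, tzinfo=timezone.utc)\n",
"DAY = 86400\n",
"\n",
"def epoch(dt):\n",
"    return int(dt.timestamp())\n",
"\n",
"# Constructed sample of the records misp.search_index(pythonify=False) returns.\n",
"# Only the keys used below are kept; a real record carries every key listed above.\n",
"SAMPLE_INDEX = [\n",
"    {'uuid': 'ev-1', 'info': 'Targeted phishing - PDF documents / phishkit',\n",
"     'Orgc': {'name': 'CIRCL'}, 'distribution': '3', 'published': True,\n",
"     'timestamp': epoch(NOW) - 1 * DAY,            # re-edited yesterday ...\n",
"     'publish_timestamp': epoch(NOW) - 120 * DAY,  # ... but last published four months ago\n",
"     'EventTag': [\n",
"         {'Tag': {'name': 'misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"'}},\n",
"         {'Tag': {'name': 'circl:incident-classification=\"phishing\"'}},\n",
"         {'Tag': {'name': 'tlp:amber'}}]},\n",
"    {'uuid': 'ev-2', 'info': 'OSINT - ConnectWise ScreenConnect attacks deliver malware',\n",
"     'Orgc': {'name': 'CIRCL'}, 'distribution': '3', 'published': True,\n",
"     'timestamp': epoch(NOW) - 5 * DAY, 'publish_timestamp': epoch(NOW) - 5 * DAY,\n",
"     'EventTag': [\n",
"         {'Tag': {'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"'}},\n",
"         {'Tag': {'name': 'misp-galaxy:malpedia=\"LockBit\"'}},\n",
"         {'Tag': {'name': 'circl:incident-classification=\"malware\"'}}]},\n",
"    {'uuid': 'ev-3', 'info': 'Kobalos - Linux threat to high performance computing infrastructure',\n",
"     'Orgc': {'name': 'ESET'}, 'distribution': '1', 'published': True,\n",
"     'timestamp': epoch(NOW) - 2 * DAY, 'publish_timestamp': epoch(NOW) - 2 * DAY,\n",
"     'EventTag': [\n",
"         {'Tag': {'name': 'misp-galaxy:malpedia=\"Kobalos\"'}},\n",
"         {'Tag': {'name': 'misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"'}},\n",
"         {'Tag': {'name': 'circl:incident-classification=\"malware\"'}}]},\n",
"    {'uuid': 'ev-4', 'info': 'Decaying example',\n",
"     'Orgc': {'name': 'CIRCL'}, 'distribution': '0', 'published': False,\n",
"     'timestamp': epoch(NOW) - 3 * DAY, 'publish_timestamp': 0,   # never published\n",
"     'EventTag': []},\n",
"]\n",
"\n",
"def modified_within(events, days, now=NOW):\n",
"    # Naive window on `timestamp`: catches anything touched recently, published or not.\n",
"    since = epoch(now - timedelta(days=days))\n",
"    return [e['uuid'] for e in events if int(e['timestamp']) >= since]\n",
"\n",
"def published_within(events, days, now=NOW):\n",
"    # Report window on `publish_timestamp`: an Event merely re-edited inside the window\n",
"    # but last published long ago (ev-1) is left out, as is an unpublished one (ev-4).\n",
"    since = epoch(now - timedelta(days=days))\n",
"    return [e['uuid'] for e in events if e['published'] and int(e['publish_timestamp']) >= since]\n",
"\n",
"TAG_RE = re.compile('^([^:]+):([^=]+)=\"(.*)\"$')              # namespace:predicate=\"value\"\n",
"ATTACK_ID_RE = re.compile(' - (T[0-9]{4}(?:[.][0-9]{3})?)$')  # trailing ATT&CK technique id\n",
"\n",
"def tag_parts(name):\n",
"    # ('circl', 'incident-classification', 'phishing'); None for plain tags such as tlp:amber\n",
"    m = TAG_RE.match(name)\n",
"    return m.groups() if m else None\n",
"\n",
"def index_stats(events):\n",
"    stats = {'orgc': Counter(), 'distribution': Counter(), 'incident_type': Counter(),\n",
"             'attack_technique': Counter(), 'malware_family': Counter()}\n",
"    for e in events:\n",
"        stats['orgc'][e['Orgc']['name']] += 1\n",
"        stats['distribution'][e['distribution']] += 1\n",
"        for et in e.get('EventTag', []):\n",
"            parts = tag_parts(et['Tag']['name'])\n",
"            if parts is None:\n",
"                continue\n",
"            ns, predicate, value = parts\n",
"            if (ns, predicate) == ('circl', 'incident-classification'):\n",
"                stats['incident_type'][value] += 1\n",
"            elif (ns, predicate) == ('misp-galaxy', 'mitre-attack-pattern'):\n",
"                m = ATTACK_ID_RE.search(value)\n",
"                stats['attack_technique'][m.group(1) if m else value] += 1\n",
"            elif (ns, predicate) == ('misp-galaxy', 'malpedia'):\n",
"                stats['malware_family'][value] += 1\n",
"    return stats\n",
"\n",
"if __name__ == '__main__':\n",
"    print('modified in the last 30 days :', modified_within(SAMPLE_INDEX, 30))\n",
"    print('published in the last 30 days:', published_within(SAMPLE_INDEX, 30))\n",
"    recent = [e for e in SAMPLE_INDEX if e['uuid'] in published_within(SAMPLE_INDEX, 30)]\n",
"    for key, counter in index_stats(recent).items():\n",
"        print(key, dict(counter))\n",
"```\n",
"\n",
"Swap `SAMPLE_INDEX` for `misp.search_index(published=True, pythonify=False)` to run it against a real index. The tag parsing only relies on the `namespace:predicate=\"value\"` shape shared by taxonomy and galaxy tags, so any other taxonomy can be counted the same way by adding a branch in `index_stats`."
]
},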
{
"cell_type": "code",
"execution_count": 7,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"# Event properties\n",
"['uuid', 'info', 'distribution', 'threat_level_id', 'analysis', 'published', 'date', 'id', 'orgc_id', 'org_id', 'timestamp', 'publish_timestamp', 'sighting_timestamp', 'sharing_group_id', 'Org', 'Orgc', 'attribute_count', 'proposal_email_lock', 'locked', 'disable_correlation', 'extends_uuid', 'GalaxyCluster', 'EventTag']\n",
"\n",
" # Event Tags (8)\n",
"{'Tag': {'colour': '#0088cc',\n",
" 'id': '6',\n",
" 'is_galaxy': True,\n",
" 'name': 'misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - '\n",
" 'T1193\"'},\n",
" 'event_id': '58',\n",
" 'id': '324',\n",
" 'local': False,\n",
" 'relationship_type': '',\n",
" 'tag_id': '6'}\n",
"\n",
" # Event Clusters (3)\n"
]
}
],
"source": [
"event = r[0].to_dict()\n",
"event_properties = event.keys()\n",
"print('# Event properties')\n",
"print(list(event_properties))\n",
"\n",
"print('\\n # Event Tags ({0})'.format(len(event['EventTag'])))\n",
"pprint(event['EventTag'][0])\n",
"\n",
"print('\\n # Event Clusters ({0})'.format(len(event['GalaxyCluster'])))"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Useful parameters\n",
"\n",
"- `attribute` (Optional[str]) *Filter events on attribute's value*\n",
"- `published` (Optional[bool])\n",
"- `hasproposal` (Optional[bool])\n",
"- `eventid` (Optional[str, int])\n",
"- `tags` (Optional[str, List[str]])\n",
"- `date_from` (Optional[datetime, date, int, str, float, None])\n",
"- `date_to` (Optional[datetime, date, int, str, float, None])\n",
"- `eventinfo` (Optional[str])\n",
"- `threatlevel` (Optional[str, int])\n",
"- `analysis` (Optional[str, int])\n",
"- `distribution` (Optional[str, int])\n",
"- `sharinggroup` (Optional[str, int])\n",
"- `org` (Optional[str, List[[str, int]])\n",
"- `timestamp` (Optional[datetime, date, int, str, float, None, List[[datetime, date, int, str, float, None], [datetime, date, int, str, float, None]]])\n",
" - timestamp=(datetime.today() - timedelta(days=1))\n",
" - timestamp=['14d', '7d']\n",
" - timestamp=int(datetime.today().timestamp())\n",
"- `publish_timestamp` (Optional[datetime, date, int, str, float, None, List[[datetime, date, int, str, float, None], [datetime, date, int, str, float, None]]])"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Retrieving data with RestSearch\n",
"\n",
"The `RestSearch` endpoint can be used on multiple scopes. It has more filtering parameters and is generally flexible.\n",
"\n",
"Supported scopes (also called Controllers): `events`, `attributes`, `objects`\n",
"\n",
"### `/events/restSearch` VS `/attributes/restSearch`\n",
"\n",
"- Both endpoints support most of the parameter\n",
"- They differs in the data returned\n",
" - `/events/restSearch` returns the whole Event with its child elements (Attributes, Objects, Proposals, ..)\n",
" - `/attributes/restSearch` returns all attributes"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Getting only metadata: Do not include child elements (such as Attributes, ...)"
]
},
{
"cell_type": "code",
"execution_count": 7,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[<MISPEvent(info=Ransomware Attack against a French organization),\n",
" <MISPEvent(info=Dirty harry example),\n",
" <MISPEvent(info=Kobalos - Linux threat to high performance computing infrastructure),\n",
" <MISPEvent(info=ATM Vulnerabilities Allow Deposit Forgery Attacks),\n",
" <MISPEvent(info=Investigation Syrian Electronic Army Activities - Domain(s) Take over via Melbourne IT registrar),\n",
" <MISPEvent(info=Network relationship with Conti BTC address),\n",
" <MISPEvent(info=Decaying example),\n",
" <MISPEvent(info=GRU close access cyber operation against OPCW),\n",
" <MISPEvent(info=Targeted phishing - PDF documents / phishkit),\n",
" <MISPEvent(info=Test Pull From Docker),\n",
" <MISPEvent(info=OSINT - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)),\n",
" <MISPEvent(info=OSINT - ConnectWise ScreenConnect attacks deliver malware),\n",
" <MISPEvent(info=Test event with some sample indicator to match on Jupyter notebook)]\n"
]
}
],
"source": [
"r = misp.search(controller='events', metadata=True, pythonify=True)\n",
"pprint(r)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Searching Attributes with RestSearch"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Searching for values"
]
},
{
"cell_type": "code",
"execution_count": 9,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Simple value: [<MISPAttribute(type=ip-dst, value=8.8.8.8)]\n",
"List of values: [<MISPAttribute(type=ip-dst, value=8.8.8.8)]\n",
"Wildcard: [<MISPAttribute(type=url, value=https://www.github.com/MISP/MISP)]\n"
]
}
],
"source": [
"r1 = misp.search(controller='attributes', value='8.8.8.8', pythonify=True)\n",
"print('Simple value:', r1)\n",
"\n",
"r2 = misp.search(controller='attributes', value=['8.8.8.8', '5.4.2.1'], pythonify=True)\n",
"print('List of values:', r2)\n",
"\n",
"r3 = misp.search(controller='attributes', value=['https://www.github.com/%'], pythonify=True)\n",
"print('Wildcard:', r3)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Searching for types"
]
},
{
"cell_type": "code",
"execution_count": 8,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[<MISPAttribute(type=first-name, value=Harry),\n",
" <MISPAttribute(type=first-name, value=Jennifer),\n",
" <MISPAttribute(type=first-name, value=Samantha),\n",
" <MISPAttribute(type=first-name, value=Alexey),\n",
" <MISPAttribute(type=first-name, value=Evengii),\n",
" <MISPAttribute(type=first-name, value=Oleg)]\n",
"[<MISPAttribute(type=attachment, value=RANSOM-MAFIA-ANALYSIS-OF-THE-WORLDS-FIRST-RANSOMWARE-CARTEL.pdf),\n",
" <MISPAttribute(type=attachment, value=DirtyHarry.jpg),\n",
" <MISPAttribute(type=attachment, value=sunny.png),\n",
" <MISPAttribute(type=attachment, value=jennifer-spencer.png),\n",
" <MISPAttribute(type=attachment, value=samantha.png),\n",
" <MISPAttribute(type=attachment, value=DirtyHarry-Car.jpg),\n",
" <MISPAttribute(type=attachment, value=Figure-2.-Overview-of-Kobalos-features-and-ways-to-access-them.png),\n",
" <MISPAttribute(type=attachment, value=Figure-4.-Sequence-diagram-summarizing-Kobalos-network-protocols.png),\n",
" <MISPAttribute(type=attachment, value=syrian-conflict-spills-into-cyberspace-2013.pdf),\n",
" <MISPAttribute(type=attachment, value=sea-1.png),\n",
" <MISPAttribute(type=attachment, value=sea-2.png),\n",
" <MISPAttribute(type=attachment, value=Twitter DNS.jpeg),\n",
" <MISPAttribute(type=attachment, value=Twitter AE.jpeg),\n",
" <MISPAttribute(type=attachment, value=jabber/2021/11/30/fa50b79e-2746-4d25-911a-6607c9f4a110.gz),\n",
" <MISPAttribute(type=attachment, value=jabber/2021/11/30/b931c40c-3ca1-4187-aa62-e0c4c0ca7868.gz),\n",
" <MISPAttribute(type=attachment, value=jabber/2021/11/30/c552e29c-f1be-4d0d-bdf0-80cd2f09580c.gz),\n",
" <MISPAttribute(type=attachment, value=Screenshot 2023-01-27 145339.png),\n",
" <MISPAttribute(type=attachment, value=Minin.png),\n",
" <MISPAttribute(type=attachment, value=Screenshot 2023-01-27 151247.png),\n",
" <MISPAttribute(type=attachment, value=Screenshot 2023-01-27 151247.png),\n",
" <MISPAttribute(type=attachment, value=Screenshot 2023-01-27 152911.png),\n",
" <MISPAttribute(type=attachment, value=Screenshot 2023-01-27 154539.png),\n",
" <MISPAttribute(type=malware-sample, value=28f73ae365bde8c03d0f93ef73f71c086a026ac58f72b82bb2384c3a5ab42d02|9a58b7f8ba04c32c027126379456e444),\n",
" <MISPAttribute(type=malware-sample, value=56a73192c75130550294b327b36c051841d3780bd3732b410e0c190db6f9d936|164db8d1fe5f2ea9dd3ea826b2f0b808),\n",
" <MISPAttribute(type=malware-sample, value=ddcf49145d8c78198138a488b7f99bb4f760777be41b293138e4d5b531cebc73|08b49fb9882bfc8f69beb594fa543c8a),\n",
" <MISPAttribute(type=malware-sample, value=0fb825db2262d98e29846fa67171e3450666af9c0a6c31eaf8d7c84539be9132|1baa024f9cfab48b92c297aa406c91b5),\n",
" <MISPAttribute(type=malware-sample, value=c052025b442995f04a68b1b6b2007c36dbf47448c08dc249219a7f3eebd369c2|da877f4f7335264b03ac72fca5b305dc),\n",
" <MISPAttribute(type=malware-sample, value=f2676b94952018c220ee352b9857bc5ad62195b2d15cdfaf54fa5c5985d6934a|b830fd2997e1f124f34d77ff1fa9b89e),\n",
" <MISPAttribute(type=malware-sample, value=New-Updated-docs.zip|b7245bf657e792328aaacbc6f75d1555)]\n"
]
}
],
"source": [
"r1 = misp.search(controller='attributes', type_attribute='first-name', pythonify=True)\n",
"pprint(r1)\n",
"\n",
"r2 = misp.search(controller='attributes', type_attribute=['malware-sample', 'attachment'], pythonify=True)\n",
"pprint(r2)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Searching for tags\n",
"\n",
"`includeEventTags` is an optional field on Attributes to also include the tags at event level. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"r1 = misp.search(controller='attributes', tags='tlp:red', includeEventTags=True, pythonify=True)\n",
"print('Simple tag:', len(r1))\n",
"print('\\tFirst Attribute', r1[0].Tag)\n",
"r2 = misp.search(controller='attributes', tags=['PAP:RED', 'tlp:red'], pythonify=True)\n",
"print('List of tags:', len(r2))\n",
"print('\\tThird Attribute', r2[0].Tag)"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Wildcard: 81\n",
"\tTags of all Attributes: [[], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], [], []]\n",
"\n",
"Open question: Why do we have Attributes despite them not having the correct tag attached?\n",
"\n"
]
}
],
"source": [
"r3 = misp.search(controller='attributes', tags=['misp-galaxy:target-information=%'], pythonify=True)\n",
"print('Wildcard:', len(r3))\n",
"print('\\tTags of all Attributes:', [attr.Tag for attr in r3])\n",
"print()\n",
"print(base64.b64decode('T3BlbiBxdWVzdGlvbjogV2h5IGRvIHdlIGhhdmUgQXR0cmlidXRlcyBkZXNwaXRlIHRoZW0gbm90IGhhdmluZyB0aGUgY29ycmVjdCB0YWcgYXR0YWNoZWQ/Cg==').decode())"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# DON'T RUN\n",
"allEventTags = [\n",
" [tag.name for tag in misp.get_event(attr.event_id, pythonify=True).Tag if tag.name.startswith('misp-galaxy:target-information=')]\n",
" for attr in r3\n",
"]\n",
"allUniqueEventTag = set()\n",
"for tags in allEventTags:\n",
" for tag in tags:\n",
" allUniqueEventTag.add(tag)\n",
"print('All unique Event tags:', allUniqueEventTag)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Negation: 78\n"
]
}
],
"source": [
"r4 = misp.search(\n",
" controller='attributes',\n",
" tags=['misp-galaxy:target-information=%', '!misp-galaxy:target-information=\"Luxembourg\"'],\n",
" pythonify=True)\n",
"print('Negation:', len(r4))\n",
"\n",
"\n",
"# Showing unique Event tags\n",
"allEventTags = [\n",
" [tag.name for tag in misp.get_event(attr.event_id, pythonify=True).Tag if tag.name.startswith('misp-galaxy:target-information=')]\n",
" for attr in r4\n",
"]\n",
"allUniqueEventTag = set()\n",
"for tags in allEventTags:\n",
" for tag in tags:\n",
" allUniqueEventTag.add(tag)\n",
"print('All unique Event tags:', allUniqueEventTag)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"**Want to also have the Event tags included**?"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"r5 = misp.search(\n",
" controller='attributes',\n",
" tags='misp-galaxy:target-information=%',\n",
" pythonify=True)\n",
"print('Tags of first attribute:', [tag.name for tag in r5[0].Tag])\n",
"\n",
"r6 = misp.search(\n",
" controller='attributes',\n",
" tags='misp-galaxy:target-information=%',\n",
" includeEventTags=True,\n",
" pythonify=True)\n",
"print('Tags of first attribute:', [tag.name for tag in r6[0].Tag])"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"**Complex query**"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"complex_query = misp.build_complex_query(or_parameters=['tlp:amber', 'adversary:infrastructure-type=\"c2\"'])\n",
"r7 = misp.search(\n",
" controller='attributes',\n",
" tags=complex_query,\n",
" includeEventTags=True,\n",
" pythonify=True)\n",
"print('Or:', len(r7))\n",
"pprint([\n",
" [tag.name for tag in attr.Tag if (tag.name == 'tlp:amber' or tag.name == 'adversary:infrastructure-type=\"c2\"')] for attr in r7[:5]\n",
"])\n",
"print()\n",
"\n",
"complex_query = misp.build_complex_query(and_parameters=['tlp:amber', 'adversary:infrastructure-type=\"c2\"'])\n",
"r8 = misp.search(\n",
" controller='attributes',\n",
" tags=complex_query,\n",
" includeEventTags=True,\n",
" pythonify=True)\n",
"print('And:', len(r8))\n",
"pprint([\n",
" [tag.name for tag in attr.Tag if (tag.name == 'tlp:amber' or tag.name == 'adversary:infrastructure-type=\"c2\"')] for attr in r8\n",
"])"
]
},
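{
"cell_type": "markdown",
"metadata": {},
"source": [
"A local model of the tag filter semantics the cells above exercise: `%` as a wildcard, `!` as exclusion, the `OR`/`AND`/`NOT` dict that `build_complex_query()` produces, matching against Event-level tags, and `includeEventTags` deciding only what is shown. This is an added example on constructed Attributes, not code from the notebook or from PyMISP; the way a plain list is read (OR over the positive tags, exclusion of the negated ones) is this model's assumption about MISP's behaviour, drawn from the results of the cells above.\n",
"\n",
"```python\n",
"import re\n",
"\n",
"# Constructed sample: each Attribute with its own tags and the tags of its parent Event.\n",
"SAMPLE_ATTRIBUTES = [\n",
"    {'uuid': 'a1', 'value': '198.51.100.7', 'tags': ['adversary:infrastructure-type=\"c2\"'],\n",
"     'event_tags': ['tlp:amber', 'misp-galaxy:target-information=\"Luxembourg\"']},\n",
"    {'uuid': 'a2', 'value': '203.0.113.9', 'tags': [],\n",
"     'event_tags': ['tlp:amber', 'misp-galaxy:target-information=\"France\"']},\n",
"    {'uuid': 'a3', 'value': 'evil.example', 'tags': ['tlp:red'],\n",
"     'event_tags': ['misp-galaxy:target-information=\"Luxembourg\"']},\n",
"    {'uuid': 'a4', 'value': '192.0.2.4', 'tags': ['adversary:infrastructure-type=\"c2\"'],\n",
"     'event_tags': ['tlp:clear']},\n",
"]\n",
"\n",
"def tag_matches(pattern, tag):\n",
"    # '%' is the only wildcard (SQL LIKE semantics); everything else is literal.\n",
"    regex = '^' + '.*'.join(re.escape(part) for part in pattern.split('%')) + '$'\n",
"    return re.match(regex, tag) is not None\n",
"\n",
"def normalise(tag_filter):\n",
"    # The three shapes the cells above pass as `tags`: one string, a list (a leading '!'\n",
"    # excludes that tag), or the {'OR': [...], 'AND': [...], 'NOT': [...]} dict that\n",
"    # misp.build_complex_query() produces. A plain list is read as OR over the positive\n",
"    # tags and NOT over the negated ones (assumption mirroring the results above).\n",
"    if isinstance(tag_filter, str):\n",
"        tag_filter = [tag_filter]\n",
"    if isinstance(tag_filter, list):\n",
"        return {'OR': [t for t in tag_filter if not t.startswith('!')],\n",
"                'AND': [],\n",
"                'NOT': [t[1:] for t in tag_filter if t.startswith('!')]}\n",
"    return {key: list(tag_filter.get(key, [])) for key in ('OR', 'AND', 'NOT')}\n",
"\n",
"def attribute_matches(attr, tag_filter):\n",
"    query = normalise(tag_filter)\n",
"    # Matching considers Event-level tags too: that is why Attributes with an empty\n",
"    # Tag list came back for the target-information wildcard above.\n",
"    visible = attr['tags'] + attr['event_tags']\n",
"    def has(pattern):\n",
"        return any(tag_matches(pattern, t) for t in visible)\n",
"    if query['OR'] and not any(has(p) for p in query['OR']):\n",
"        return False\n",
"    if not all(has(p) for p in query['AND']):\n",
"        return False\n",
"    if any(has(p) for p in query['NOT']):\n",
"        return False\n",
"    return True\n",
"\n",
"def search_attributes(attributes, tags, include_event_tags=False):\n",
"    # Local stand-in for misp.search(controller='attributes', tags=..., includeEventTags=...):\n",
"    # the filter decides membership, includeEventTags only decides which tags are shown.\n",
"    results = []\n",
"    for attr in attributes:\n",
"        if attribute_matches(attr, tags):\n",
"            shown = attr['tags'] + (attr['event_tags'] if include_event_tags else [])\n",
"            results.append({'uuid': attr['uuid'], 'value': attr['value'], 'Tag': shown})\n",
"    return results\n",
"\n",
"def uuids(results):\n",
"    return [r['uuid'] for r in results]\n",
"\n",
"if __name__ == '__main__':\n",
"    ti = 'misp-galaxy:target-information=%'\n",
"    print('wildcard      :', uuids(search_attributes(SAMPLE_ATTRIBUTES, ti)))\n",
"    print('negation      :', uuids(search_attributes(SAMPLE_ATTRIBUTES, [ti, '!misp-galaxy:target-information=\"Luxembourg\"'])))\n",
"    print('or            :', uuids(search_attributes(SAMPLE_ATTRIBUTES, {'OR': ['tlp:amber', 'adversary:infrastructure-type=\"c2\"']})))\n",
"    print('and           :', uuids(search_attributes(SAMPLE_ATTRIBUTES, {'AND': ['tlp:amber', 'adversary:infrastructure-type=\"c2\"']})))\n",
"    print('tags shown    :', search_attributes(SAMPLE_ATTRIBUTES, ti)[1]['Tag'])\n",
"    print('with event tag:', search_attributes(SAMPLE_ATTRIBUTES, ti, include_event_tags=True)[1]['Tag'])\n",
"```\n",
"\n",
"Use it to predict what a query will return before sending it to a shared instance, or as a fixture in tests of code that post-processes `misp.search()` results; it does not replace a check against the real instance, whose tag matching may differ in corner cases such as case sensitivity."
]
},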
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Searching on GalaxyCluster metadata"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"body = {\n",
" 'galaxy.member-of': 'NATO',\n",
" 'galaxy.official-languages': 'French',\n",
"}\n",
"\n",
"events = misp.direct_call('/events/restSearch', body)\n",
"print('Events: ', len(events))\n",
"for event in events:\n",
" print(event['Event']['Tag'])\n",
"pprint([\n",
" [tag['name'] for tag in event['Event']['Tag'] if tag['name'].startswith('misp-galaxy:target-information')] for event in events\n",
"])"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"- **Note 1**: The `galaxy.*` instructions are not supported by PyMISP\n",
"- **Note 2**: Each `galaxy.*` instructions are **AND**ed and are applied for the same cluster\n",
" - Cannot combine from different clusters\n",
" - Combining `Galaxy.official-languages` and `Galaxy.synonyms` would likely gives no result"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Searching on creator Organisation metadata"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"all_orgs = misp.organisations()\n",
"print('Organisation nationality:', {org['Organisation']['name']: org['Organisation']['nationality'] for org in all_orgs})\n",
"\n",
"body = {\n",
" 'org.nationality': ['Luxembourg'],\n",
" 'org.sector': ['financial'],\n",
"}\n",
"\n",
"events = misp.direct_call('/events/restSearch', body)\n",
"print('Events: ', len(events))\n",
"print('Org for each Event:', [event['Event']['Orgc']['name'] for event in events])"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"- **Note 1**: The `org.*` instructions are not supported by PyMISP"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### ReturnFormat"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"**CSV**"
]
},
{
"cell_type": "code",
"execution_count": 5,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"uuid,event_id,category,type,value,comment,to_ids,date,object_relation,attribute_tag,object_uuid,object_name,object_meta_category\n",
"\"239c1d6d-aa74-4ec0-83fd-c00b13e62fb9\",52,\"Network activity\",\"ip-dst\",\"151.80.57.191\",\"\",1,1612343468,\"ip-dst\",\"\",\"\",\"\",\"\"\n",
"\"e35ebfcb-027e-4fb0-a1de-068121a30af9\",60,\"Network activity\",\"ip-dst\",\"198.58.109.149\",\"server used by the attacker to host malicious files server used by the attacker to host malicious files\",1,1713022532,\"\",\"\",\"\",\"\",\"\"\n",
"\"af170b81-f692-401e-9a7a-dcd090a82f36\",60,\"Network activity\",\"ip-dst\",\"144.172.79.92\",\"server used by the attacker to host malicious files server used by the attacker to host malicious files\",1,1713022532,\"\",\"\",\"\",\"\",\"\"\n",
"\"0090d107-48f1-473c-92c8-9995f8df86c1\",60,\"Network activity\",\"ip-dst\",\"172.233.228.93\",\"server used by the attacker to host malicious files server used by the attacker to host malicious files\",1,1713022532,\"\",\"\",\"\",\"\",\"\"\n",
"\"1bf69d21-1511-4706-9827-13f11a7c602d\",60,\"Network activity\",\"ip-dst\",\"71.9.135.100\",\"Compromised ASUS router used by attacker to interact with compromised devices\",1,1713022563,\"\",\"\",\"\",\"\",\"\"\n",
"\"9e5a170a-8246-4ad0-8cb3-886b61ac6e29\",60,\"Network activity\",\"ip-dst\",\"89.187.187.69\",\"Surfshark VPN address used in exploitation attempts.\",1,1713022579,\"\",\"\",\"\",\"\",\"\"\n",
"\"e9227309-0a42-4772-8b49-aaaaaca8c25e\",60,\"Network activity\",\"ip-dst\",\"23.242.208.175\",\"Compromised ASUS router used by attacker to interact with compromised devices\",1,1713022622,\"\",\"\",\"\",\"\",\"\"\n",
"\"46678675-7083-4935-a139-23809fd3e63f\",60,\"Network activity\",\"ip-dst\",\"137.118.185.101\",\"Compromised ASUS router used by attacker to interact with compromised devices\",1,1713022622,\"\",\"\",\"\",\"\",\"\"\n",
"\"bbf52063-1901-4b76-96b2-51a252d63f6b\",60,\"Network activity\",\"ip-dst\",\"66.235.168.222\",\"Surfshark VPN address used in exploitation attempts.\",1,1713022644,\"\",\"\",\"\",\"\",\"\"\n",
"\"18829517-1daa-4c81-b65e-ad060da12e60\",62,\"Network activity\",\"ip-dst\",\"8.8.8.8\",\"\",1,1713151491,\"\",\"\",\"\",\"\",\"\"\n",
"\"e6f097b6-b34b-4a8c-9f23-73875053a313\",54,\"Network activity\",\"ip-src\",\"151.101.1.164\",\"Attribute #511575 enriched by dns.\",0,1674813309,\"\",\"\",\"\",\"\",\"\"\n",
"\"1b86ad9e-778f-483d-ab58-c65143791ada\",54,\"Network activity\",\"ip-src\",\"151.101.193.164\",\"Attribute #511579 enriched by dns.\",0,1674813309,\"\",\"\",\"\",\"\",\"\"\n",
"\"8fd8bba7-d498-4521-9a5a-457242a3c028\",54,\"Network activity\",\"ip-src\",\"141.105.64.37\",\"\",1,1620323648,\"ip-address\",\"\",\"\",\"\",\"\"\n",
"\"f2a6eb8c-7a3e-4524-8036-1b90cb18fe75\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.0\",\"today\",1,1622184577,\"\",\"\",\"\",\"\",\"\"\n",
"\"93bc9e55-20e9-4be1-b3e5-057e56a3b82e\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.1\",\"today - 1 days\",1,1622184577,\"\",\"\",\"\",\"\",\"\"\n",
"\"f7771a53-fbdf-4980-822d-9a2339ce9076\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.2\",\"today - 2 days\",1,1622184577,\"\",\"\",\"\",\"\",\"\"\n",
"\"4972022a-26fd-4270-b614-506a9c951be6\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.3\",\"today - 3 days\",1,1622184578,\"\",\"admiralty-scale:information-credibility=\"\"1\"\",admiralty-scale:source-reliability=\"\"a\"\"\",\"\",\"\",\"\"\n",
"\"c661cd4b-0474-48eb-b4ed-eb02f6b569ea\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.4\",\"today - 4 days\",1,1622184578,\"\",\"\",\"\",\"\",\"\"\n",
"\"42f68239-a794-492c-8fed-7520677824b0\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.5\",\"today - 5 days\",1,1622184578,\"\",\"\",\"\",\"\",\"\"\n",
"\"d6404ba7-c847-49b8-8748-3029ce62e2b0\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.6\",\"today - 6 days\",1,1622184578,\"\",\"\",\"\",\"\",\"\"\n",
"\"7d6e98a3-6a89-4446-85bd-f67217979cbe\",59,\"Network activity\",\"ip-src\",\"1.1.1.1\",\"\",0,1713083076,\"\",\"\",\"\",\"\",\"\"\n",
"\n",
"\n"
]
}
],
"source": [
"r1 = misp.search(\n",
" controller='attributes',\n",
" type_attribute=['ip-src', 'ip-dst'],\n",
" return_format='csv')\n",
"print(r1)"
]
},
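{
"cell_type": "markdown",
"metadata": {},
"source": [
"What a consumer does with that CSV: parse it, keep only the Attributes flagged for detection, and match them against logs. This is an added example, not code from the notebook or from PyMISP; the four data rows are copied from the export above, while the benign list (a stand-in for a MISP warninglist) and the firewall log lines are constructed.\n",
"\n",
"```python\n",
"import csv\n",
"import ipaddress\n",
"\n",
"# Header plus four rows copied from the CSV export above, used here as an offline fixture.\n",
"# The third row shows how the export doubles quotes inside the attribute_tag field.\n",
"SAMPLE_CSV_LINES = [\n",
"    'uuid,event_id,category,type,value,comment,to_ids,date,object_relation,attribute_tag,object_uuid,object_name,object_meta_category',\n",
"    '\"239c1d6d-aa74-4ec0-83fd-c00b13e62fb9\",52,\"Network activity\",\"ip-dst\",\"151.80.57.191\",\"\",1,1612343468,\"ip-dst\",\"\",\"\",\"\",\"\"',\n",
"    '\"e6f097b6-b34b-4a8c-9f23-73875053a313\",54,\"Network activity\",\"ip-src\",\"151.101.1.164\",\"Attribute #511575 enriched by dns.\",0,1674813309,\"\",\"\",\"\",\"\",\"\"',\n",
"    '\"4972022a-26fd-4270-b614-506a9c951be6\",56,\"Payload delivery\",\"ip-src\",\"149.23.54.3\",\"today - 3 days\",1,1622184578,\"\",\"admiralty-scale:information-credibility=\"\"1\"\",admiralty-scale:source-reliability=\"\"a\"\"\",\"\",\"\",\"\"',\n",
"    '\"18829517-1daa-4c81-b65e-ad060da12e60\",62,\"Network activity\",\"ip-dst\",\"8.8.8.8\",\"\",1,1713151491,\"\",\"\",\"\",\"\",\"\"',\n",
"]\n",
"\n",
"# Constructed stand-in for a MISP warninglist of well-known public resolvers.\n",
"KNOWN_BENIGN = {'8.8.8.8', '8.8.4.4', '1.1.1.1'}\n",
"\n",
"def parse_export(lines):\n",
"    # csv.DictReader handles the quoted fields and the doubled quotes inside attribute_tag.\n",
"    # Tags are comma-separated in that field; a tag value containing a comma would need\n",
"    # a smarter split than this one.\n",
"    rows = []\n",
"    for row in csv.DictReader(lines):\n",
"        row['to_ids'] = row['to_ids'] == '1'\n",
"        row['attribute_tag'] = [t for t in row['attribute_tag'].split(',') if t]\n",
"        rows.append(row)\n",
"    return rows\n",
"\n",
"def detection_set(rows):\n",
"    # Only to_ids=1 Attributes are meant for detection. Enrichment results (to_ids=0, see\n",
"    # the dns-enriched rows above) and benign-listed values are kept out, with the\n",
"    # reason recorded so the exclusion can be audited.\n",
"    indicators, skipped = {}, {}\n",
"    for row in rows:\n",
"        if row['type'] not in ('ip-src', 'ip-dst'):\n",
"            continue\n",
"        try:\n",
"            ipaddress.ip_address(row['value'])\n",
"        except ValueError:\n",
"            skipped[row['value']] = 'not an IP address'\n",
"            continue\n",
"        if not row['to_ids']:\n",
"            skipped[row['value']] = 'to_ids=0'\n",
"        elif row['value'] in KNOWN_BENIGN:\n",
"            skipped[row['value']] = 'benign-listed'\n",
"        else:\n",
"            indicators[row['value']] = row\n",
"    return indicators, skipped\n",
"\n",
"# Constructed firewall log lines: timestamp, source, destination, action.\n",
"SAMPLE_LOG = [\n",
"    '2024-04-16T10:00:01Z 10.0.0.5 151.80.57.191 ALLOW',\n",
"    '2024-04-16T10:00:02Z 10.0.0.5 8.8.8.8 ALLOW',\n",
"    '2024-04-16T10:00:03Z 149.23.54.3 10.0.0.7 DENY',\n",
"    '2024-04-16T10:00:04Z 10.0.0.9 151.101.1.164 ALLOW',\n",
"]\n",
"\n",
"def match_logs(log_lines, indicators):\n",
"    # Each hit carries the Attribute uuid and event_id so the analyst can pivot back to MISP.\n",
"    hits = []\n",
"    for line in log_lines:\n",
"        _ts, src, dst, _action = line.split()\n",
"        for ip in (src, dst):\n",
"            if ip in indicators:\n",
"                hits.append({'line': line, 'ip': ip, 'event_id': indicators[ip]['event_id'],\n",
"                             'attribute_uuid': indicators[ip]['uuid'],\n",
"                             'tags': indicators[ip]['attribute_tag']})\n",
"    return hits\n",
"\n",
"if __name__ == '__main__':\n",
"    rows = parse_export(SAMPLE_CSV_LINES)\n",
"    indicators, skipped = detection_set(rows)\n",
"    print('indicators:', sorted(indicators))\n",
"    print('skipped   :', skipped)\n",
"    for hit in match_logs(SAMPLE_LOG, indicators):\n",
"        print('HIT', hit['ip'], 'event', hit['event_id'], hit['tags'], '<-', hit['line'])\n",
"```\n",
"\n",
"`to_ids` is the flag that separates indicators meant for detection from context such as the dns-enriched addresses, and the export carries it for exactly this purpose. MISP can also drop warninglisted values server-side (the `enforceWarninglist` parameter of RestSearch); an offline consumer of the CSV has to redo that check itself, as the benign list does here."
]
},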
{
"cell_type": "markdown",
"metadata": {},
"source": [
"**Aggregated context** with `context-markdown`, `context` and `attack`"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"# Aggregated context data\n",
"## Tags and Taxonomies\n",
"#### PAP\n",
"*The Permissible Actions Protocol - or short: PAP - was designed to indicate how the received information can be used.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #ff0000; color: white\">PAP:RED</span></span>\n",
"\n",
" - **RED**: (PAP:RED) Non-detectable actions only. Recipients may not use PAP:RED information on the network. Only passive actions on logs, that are not detectable from the outside.\n",
"#### access-method\n",
"*The access method used to remotely access a system.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #996e00; color: white\">access-method:stolen-credentials</span></span>\n",
"\n",
" - **stolen-credentials**: Stolen credentials\n",
"#### admiralty-scale\n",
"*The Admiralty Scale or Ranking (also called the NATO System) is used to rank the reliability of a source and the credibility of an information. Reference based on FM 2-22.3 (FM 34-52) HUMAN INTELLIGENCE COLLECTOR OPERATIONS and NATO documents.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #0eb100; color: white\">admiralty-scale:information-credibility=&quot;1&quot;</span></span>\n",
"\n",
" - **information-credibility**: Information Credibility\n",
" - **1**: Confirmed by other sources\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #0fc000; color: white\">admiralty-scale:information-credibility=&quot;2&quot;</span></span>\n",
"\n",
" - **information-credibility**: Information Credibility\n",
" - **2**: Probably true\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #054300; color: white\">admiralty-scale:source-reliability=&quot;a&quot;</span></span>\n",
"\n",
" - **source-reliability**: Source Reliability\n",
" - **a**: Completely reliable\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #075200; color: white\">admiralty-scale:source-reliability=&quot;b&quot;</span></span>\n",
"\n",
" - **source-reliability**: Source Reliability\n",
" - **b**: Usually reliable\n",
"#### circl\n",
"*CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #418100; color: white\">circl:incident-classification=&quot;vulnerability&quot;</span></span>\n",
"\n",
" - **incident-classification**: Incident Classification\n",
" - **vulnerability**: Vulnerability\n",
"#### domain-abuse\n",
"*Domain Name Abuse - taxonomy to tag domain names used for cybercrime.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #ee4700; color: white\">domain-abuse:domain-access-method=&quot;compromised-domain-name-registrar&quot;</span></span>\n",
"\n",
" - **domain-access-method**: Domain access method\n",
" - **compromised-domain-name-registrar**: Compromised domain name registrar\n",
"#### economical-impact\n",
"*Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information (e.g. data exfiltration loss, a positive gain for an adversary).*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #038e00; color: white\">economical-impact:loss=&quot;less-than-1B-euro&quot;</span></span>\n",
"\n",
" - **loss**: Loss\n",
" - **less-than-1B-euro**: Less than 1 billion EUR\n",
"#### enisa\n",
"*The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #3bb800; color: white\">enisa:nefarious-activity-abuse=&quot;spear-phishing-attacks&quot;</span></span>\n",
"\n",
" - **nefarious-activity-abuse**: Nefarious Activity/ Abuse\n",
" - **spear-phishing-attacks**: Spear phishing attacks\n",
"#### estimative-language\n",
"*Estimative language to describe quality and credibility of underlying sources, data, and methodologies based Intelligence Community Directive 203 (ICD 203) and JP 2-0, Joint Intelligence*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #001fc2; color: white\">estimative-language:likelihood-probability=&quot;almost-certain&quot;</span></span>\n",
"\n",
" - **likelihood-probability**: Likelihood or probability\n",
" - **almost-certain**: Almost certain(ly) - nearly certain - 95-99%\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #001cad; color: white\">estimative-language:likelihood-probability=&quot;very-likely&quot;</span></span>\n",
"\n",
" - **likelihood-probability**: Likelihood or probability\n",
" - **very-likely**: Very likely - highly probable - 80-95%\n",
"#### infoleak\n",
"*A taxonomy describing information leaks and especially information classified as being potentially leaked. The taxonomy is based on the work by CIRCL on the AIL framework. The taxonomy aim is to be used at large to improve classification of leaked information.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #af4206; color: white\">infoleak:automatic-detection=&quot;bitcoin-address&quot;</span></span>\n",
"\n",
" - **automatic-detection**: Type of information leak detected from automatic analysis\n",
" - **bitcoin-address**: Bitcoin address\n",
"#### osint\n",
"*Open Source Intelligence - Classification (MISP taxonomies)*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #0087e8; color: white\">osint:certainty=&quot;50&quot;</span></span>\n",
"\n",
" - **certainty**: Certainty of the elements mentioned in this Open Source Intelligence\n",
" - **50**: Chances about even (probability equals 0.50 - 50%)\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #007ed9; color: white\">osint:certainty=&quot;93&quot;</span></span>\n",
"\n",
" - **certainty**: Certainty of the elements mentioned in this Open Source Intelligence\n",
" - **93**: Almost certain (probability equals 0.93 - 93%)\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #0071c3; color: white\">osint:lifetime=&quot;perpetual&quot;</span></span>\n",
"\n",
" - **lifetime**: Lifetime of the information as Open Source Intelligence\n",
" - **perpetual**: Perpetual\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #002b4a; color: white\">osint:source-type=&quot;technical-report&quot;</span></span>\n",
"\n",
" - **source-type**: Source Type\n",
" - **technical-report**: Technical or analysis report\n",
"#### tlp\n",
"*The Traffic Light Protocol (TLP) (v2.0) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information source, towards one or more recipients. TLP is a set of four standard labels (a fifth label is included in amber to limit the diffusion) used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST. This taxonomy includes additional labels for backward compatibility which are no more validated by FIRST SIG.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #FFC000; color: black\">tlp:amber+strict</span></span>\n",
"\n",
" - **amber+strict**: Limited disclosure, recipients can only spread this on a need-to-know basis within their organization.\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #ffffff; color: black\">tlp:clear</span></span>\n",
"\n",
" - **clear**: (TLP:CLEAR) Recipients can spread this to the world, there is no limit on disclosure.\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #33FF00; color: black\">tlp:green</span></span>\n",
"\n",
" - **green**: (TLP:GREEN) Limited disclosure, recipients can spread this within their community.\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #FF2B2B; color: white\">tlp:red</span></span>\n",
"\n",
" - **red**: (TLP:RED) For the eyes and ears of individual recipients only, no further disclosure.\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #ffffff; color: black\">tlp:white</span></span>\n",
"\n",
" - **white**: (TLP:WHITE) Information can be shared publicly in accordance with the law.\n",
"#### type\n",
"*Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #004646; color: white\">type:OSINT</span></span>\n",
"\n",
" - **OSINT**: Open Source Intelligence\n",
"#### workflow\n",
"*Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.*\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #e9007e; color: white\">workflow:state=&quot;draft&quot;</span></span>\n",
"\n",
" - **state**: State\n",
" - **draft**: Draft means the information tagged can be released as a preliminary version or outline.\n",
"- <span class=\"tag-container\"><span class=\"tag\" style=\"background-color: #db0076; color: white\">workflow:state=&quot;incomplete&quot;</span></span>\n",
"\n",
" - **state**: State\n",
" - **incomplete**: Incomplete means that the information tagged is incomplete and has potential to be completed by other analysts, technical processes or the current analysts performing the analysis.\n",
"## Galaxy Clusters\n",
"#### <i class=\"fas fa-globe\"></i> Country\n",
"*Country meta information based on the database provided by geonames.org.*\n",
"- *[russia](https://training.misp-community.org/galaxy_clusters/view/14623)*\n",
"Russia\n",
"#### <i class=\"fas fa-map\"></i> attck4fraud\n",
"*attck4fraud - Principles of MITRE ATT&amp;CK in the fraud domain*\n",
"- *[ATM Black Box Attack](https://training.misp-community.org/galaxy_clusters/view/575)*\n",
"Type of Jackpotting attack. Connection of an unauthorized device which sends dispense commands directly to the ATM cash dispenser in order to “cash out” the ATM.\n",
"#### <i class=\"fas fa-map\"></i> Attack Pattern\n",
"*ATT&amp;CK Tactic*\n",
"- *[Asymmetric Cryptography - T1573.002](https://training.misp-community.org/galaxy_clusters/view/5291)*\n",
"Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be...\n",
"- *[Clear Command History - T1070.003](https://training.misp-community.org/galaxy_clusters/view/4842)*\n",
"In addition to clearing system logs, an adversary may clear the command history of a compromised account to conceal the actions undertaken during an intrusion. Various command interpreters keep track of the commands users type in their terminal so that users can retrace what they&#039;ve done.\n",
"\n",
"On L...\n",
"- *[Compromise Client Software Binary - T1554](https://training.misp-community.org/galaxy_clusters/view/4806)*\n",
"Adversaries may modify client software binaries to establish persistent access to systems. Client software enables users to access services provided by a server. Common client software types are SSH clients, FTP clients, email clients, and web browsers.\n",
"\n",
"Adversaries may make modifications to client ...\n",
"- *[Defacement - T1491](https://training.misp-community.org/galaxy_clusters/view/5614)*\n",
"Adversaries may modify visual content available internally or externally to an enterprise network, thus affecting the integrity of the original content. Reasons for [Defacement](https://attack.mitre.org/techniques/T1491) include delivering messaging, intimidation, or claiming (possibly false) credit...\n",
"- *[Exploit Public-Facing Application - T1190](https://training.misp-community.org/galaxy_clusters/view/4825)*\n",
"Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration.\n",
"\n",
"Exploited applications are often websites/web servers, but can also include databases (like ...\n",
"- *[External Remote Services - T1133](https://training.misp-community.org/galaxy_clusters/view/5048)*\n",
"Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gate...\n",
"- *[Multi-hop Proxy - T1090.003](https://training.misp-community.org/galaxy_clusters/view/5153)*\n",
"To disguise the source of malicious traffic, adversaries may chain together multiple proxies. Typically, a defender will be able to identify the last proxy traffic traversed before it enters their network; the defender may or may not be able to identify any previous proxies before the last-hop proxy...\n",
"- *[Obfuscated Files or Information - T1027](https://training.misp-community.org/galaxy_clusters/view/4727)*\n",
"Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n",
"\n",
"Payloads may be ...\n",
"- *[Spearphishing Attachment - T1193](https://training.misp-community.org/galaxy_clusters/view/5453)*\n",
"Spearphishing attachment is a specific variant of spearphishing. Spearphishing attachment is different from other forms of spearphishing in that it employs the use of malware attached to an email. All forms of spearphishing are electronically delivered social engineering targeted at a specific indiv...\n",
"- *[Spearphishing Link - T1192](https://training.misp-community.org/galaxy_clusters/view/5444)*\n",
"Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachmen...\n",
"- *[Symmetric Cryptography - T1573.001](https://training.misp-community.org/galaxy_clusters/view/5271)*\n",
"Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symme...\n",
"- *[Timestomp - T1070.006](https://training.misp-community.org/galaxy_clusters/view/5528)*\n",
"Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have bee...\n",
"- *[Traffic Signaling - T1205](https://training.misp-community.org/galaxy_clusters/view/5396)*\n",
"Adversaries may use traffic signaling to hide open ports or other malicious functionality used for persistence or command and control. Traffic signaling involves the use of a magic value or sequence that must be sent to a system to trigger a special response, such as opening a closed port or executi...\n",
"- *[Vulnerabilities - T1588.006](https://training.misp-community.org/galaxy_clusters/view/5584)*\n",
"Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an adversary to cause unintended or unanticipated behavior to occur. Adversaries may find vulnerability i...\n",
"#### <i class=\"fas fa-link\"></i> Course of Action\n",
"*ATT&amp;CK Mitigation*\n",
"- *[Multi-factor Authentication - M1032](https://training.misp-community.org/galaxy_clusters/view/5854)*\n",
"Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.\n",
"#### <i class=\"fas fa-user-ninja\"></i> Techniques\n",
"*ATT&amp;CK for ICS Techniques*\n",
"- *[Spearphishing Attachment](https://training.misp-community.org/galaxy_clusters/view/6753)*\n",
"Adversaries may use a spearphishing attachment, a variant of spearphishing, as a form of a social engineering attack against specific targets. Spearphishing attachments are different from other forms of spearphishing in that they employ malware attached to an email. All forms of spearphishing are el...\n",
"#### <i class=\"fab fa-btc\"></i> Ransomware\n",
"*Ransomware galaxy based on https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml*\n",
"- *[Conti](https://training.misp-community.org/galaxy_clusters/view/9554)*\n",
"Conti ransomware is a RaaS and has been observed encrypting networks since mid-2020.\n",
"Conti was developed by the “TrickBot” group, an organized Russian cybercriminal operation. Their reputation has allowed the group to create a strong brand name, attracting many affiliates which has made Conti on...\n",
"- *[Korean](https://training.misp-community.org/galaxy_clusters/view/8410)*\n",
"Ransomware Based on HiddenTear\n",
"#### <i class=\"fas fa-globe-europe\"></i> Regions UN M49\n",
"*Regions based on UN M49.*\n",
"- *[021 - Northern America](https://training.misp-community.org/galaxy_clusters/view/10024)*\n",
"\n",
"- *[142 - Asia](https://training.misp-community.org/galaxy_clusters/view/10034)*\n",
"\n",
"- *[150 - Europe](https://training.misp-community.org/galaxy_clusters/view/10037)*\n",
"\n",
"#### <i class=\"fas fa-industry\"></i> Sector\n",
"*Activity sectors*\n",
"- *[Academia - University](https://training.misp-community.org/galaxy_clusters/view/18422)*\n",
"\n",
"- *[Government, Administration](https://training.misp-community.org/galaxy_clusters/view/18448)*\n",
"\n",
"- *[IT - ISP](https://training.misp-community.org/galaxy_clusters/view/18456)*\n",
"\n",
"- *[Marketing](https://training.misp-community.org/galaxy_clusters/view/18526)*\n",
"\n",
"#### <i class=\"fas fa-bullseye\"></i> Target Information\n",
"*Description of targets of threat actors.*\n",
"- *[France](https://training.misp-community.org/galaxy_clusters/view/13207)*\n",
"\n",
"- *[Luxembourg](https://training.misp-community.org/galaxy_clusters/view/13134)*\n",
"\n",
"- *[Netherlands](https://training.misp-community.org/galaxy_clusters/view/13281)*\n",
"\n",
"#### <i class=\"fas fa-user-secret\"></i> Threat Actor\n",
"*Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.*\n",
"- *[Deadeye Jackal](https://training.misp-community.org/galaxy_clusters/view/18607)*\n",
"The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial of service attacks, it has targeted political opposition groups, wester...\n"
]
}
],
"source": [
"# Get the context of Events that were created by organisations from the financial sector\n",
"\n",
"body = {\n",
" 'returnFormat': 'context-markdown',\n",
" 'org.sector': ['financial'],\n",
"}\n",
"\n",
"r2 = misp.direct_call('/events/restSearch', body)\n",
"print(r2)"
]
},
{
"cell_type": "code",
"execution_count": 7,
"metadata": {},
"outputs": [],
"source": [
"# Get the context of Events that had the threat actor APT 29 attached\n",
"\n",
"body = {\n",
" 'returnFormat': 'context',\n",
" 'tags': ['misp-galaxy:threat-actor=\\\"APT 29\\\"'],\n",
" 'staticHtml': 1, # If you want a JS-free HTML\n",
"}\n",
"\n",
"r2 = misp.direct_call('/events/restSearch', body)\n",
"with open('/tmp/attackOutput.html', 'w') as f:\n",
" f.write(r2)\n",
" # subprocess.run(['google-chrome', '--incognito', '/tmp/attackOutput.html'])\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Be careful with the amount of data you ask for; use `pagination` if needed\n",
"\n",
"- `limit`: Specify the amount of data to be returned\n",
"- `page`: Specify the start of the rolling window. Is **not** zero-indexed (the first page is `1`)\n",
"\n",
"If the size of the returned data is larger than the memory envelope you might get a different behavior depending on your MISP setting:\n",
"- Nothing returned. The memory allowed to the PHP process was exhausted\n",
"- Data returned but slow. MISP will concatenate the returned data in a temporary file on disk\n",
" - This behavior is only applicable for `/*/restSearch` endpoints"
]
},
{
"cell_type": "code",
"execution_count": 8,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Amount of Attributes 615\n",
"Amount of paginated Attributes 5\n"
]
}
],
"source": [
"r1 = misp.search(controller='attributes', pythonify=True)\n",
"print('Amount of Attributes', len(r1))\n",
"\n",
"r2 = misp.search(\n",
" controller='attributes',\n",
" page=1,\n",
" limit=5,\n",
" pythonify=True)\n",
"print('Amount of paginated Attributes', len(r2))"
]
},
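{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Walking all pages\n",
"\n",
"Added example (not part of the original notebook): a small helper that calls a `(page, limit)` search repeatedly, starting at page 1, and stops at the first page shorter than `limit`. It is shown against a constructed in-memory stand-in for `misp.search` so it runs without a server; the commented line at the end plugs in the real `misp.search(controller='attributes', ...)` call."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Added example (not part of the original notebook): fetch a restSearch result\n",
"# page by page instead of in one request. MISP pages are 1-indexed and a page\n",
"# shorter than `limit` means the last page has been reached.\n",
"\n",
"def iter_pages(fetch_page, limit=100, max_pages=1000):\n",
"    # fetch_page(page, limit) is any callable with MISP's pagination semantics,\n",
"    # e.g. lambda p, l: misp.search(controller='attributes', page=p, limit=l, pythonify=True)\n",
"    # max_pages is a safety stop in case the server never returns a short page.\n",
"    page = 1\n",
"    while page <= max_pages:\n",
"        batch = fetch_page(page, limit)\n",
"        if not batch:\n",
"            return\n",
"        yield from batch\n",
"        if len(batch) < limit:\n",
"            return\n",
"        page += 1\n",
"    raise RuntimeError(f'stopped after {max_pages} pages; raise max_pages or limit')\n",
"\n",
"\n",
"def fetch_all(fetch_page, limit=100, key='uuid'):\n",
"    # Collect every item, de-duplicating on `key`: data added between two\n",
"    # requests shifts the window and can make an item appear on two pages.\n",
"    seen, items = set(), []\n",
"    for item in iter_pages(fetch_page, limit):\n",
"        ident = item[key] if isinstance(item, dict) else getattr(item, key)\n",
"        if ident not in seen:\n",
"            seen.add(ident)\n",
"            items.append(item)\n",
"    return items\n",
"\n",
"\n",
"# Constructed offline stand-in for misp.search(controller='attributes', ...):\n",
"# 615 fake attributes (the count printed above), served in pages.\n",
"FAKE_ATTRIBUTES = [{'uuid': f'00000000-0000-4000-8000-{i:012d}', 'value': f'v{i}'} for i in range(615)]\n",
"\n",
"def fake_search(page, limit):\n",
"    start = (page - 1) * limit  # page 1 starts at offset 0\n",
"    return FAKE_ATTRIBUTES[start:start + limit]\n",
"\n",
"print('Paginated total:', len(fetch_all(fake_search, limit=50)))\n",
"\n",
"# Against the live instance, once `misp` is defined above:\n",
"# all_attributes = fetch_all(lambda p, l: misp.search(controller='attributes', page=p, limit=l, pythonify=True), limit=200)"
]
},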
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Searching for Sightings"
]
},
{
"cell_type": "code",
"execution_count": 10,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"[{'Sighting': {'Organisation': {'id': '15',\n",
" 'name': 'CIRCL',\n",
" 'uuid': '55f6ea5e-2c60-40e5-964f-47a8950d210f'},\n",
" 'attribute_id': '3361',\n",
" 'date_sighting': '1713153547',\n",
" 'event_id': '62',\n",
" 'id': '101',\n",
" 'org_id': '15',\n",
" 'source': '',\n",
" 'type': '0',\n",
" 'uuid': 'f80e5d2b-d6a0-4127-9c09-654722470a44',\n",
" 'value': 'John'}}]\n"
]
}
],
"source": [
"body = {\n",
" 'last': '7d'\n",
"}\n",
"\n",
"sightings = misp.direct_call('/sightings/restSearch', body)\n",
"pprint(sightings)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Plotting data"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"#### Sightings over time"
]
},
{
"cell_type": "code",
"execution_count": 11,
"metadata": {},
"outputs": [],
"source": [
"import pandas as pd\n",
"import matplotlib.pyplot as plt"
]
},
{
"cell_type": "code",
"execution_count": 12,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>id</th>\n",
" <th>attribute_id</th>\n",
" <th>event_id</th>\n",
" <th>org_id</th>\n",
" <th>date_sighting</th>\n",
" <th>uuid</th>\n",
" <th>source</th>\n",
" <th>type</th>\n",
" <th>value</th>\n",
" <th>Organisation</th>\n",
" <th>one</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>0</th>\n",
" <td>101</td>\n",
" <td>3361</td>\n",
" <td>62</td>\n",
" <td>15</td>\n",
" <td>2024-04-15 03:58:56</td>\n",
" <td>f80e5d2b-d6a0-4127-9c09-654722470a44</td>\n",
" <td></td>\n",
" <td>0</td>\n",
" <td>John</td>\n",
" <td>{'id': '15', 'uuid': '55f6ea5e-2c60-40e5-964f-...</td>\n",
" <td>1</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" id attribute_id event_id org_id date_sighting \\\n",
"0 101 3361 62 15 2024-04-15 03:58:56 \n",
"\n",
" uuid source type value \\\n",
"0 f80e5d2b-d6a0-4127-9c09-654722470a44 0 John \n",
"\n",
" Organisation one \n",
"0 {'id': '15', 'uuid': '55f6ea5e-2c60-40e5-964f-... 1 "
]
},
"execution_count": 12,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# Converting our data to a pandas DataFrame\n",
"sighting_rearranged = [sighting['Sighting'] for sighting in sightings]\n",
"df = pd.DataFrame.from_dict(sighting_rearranged)\n",
"# MISP returns date_sighting as a string of epoch seconds; cast to int before\n",
"# to_datetime(unit='s'), whose handling of strings with a unit is deprecated\n",
"df[\"date_sighting\"] = pd.to_datetime(df[\"date_sighting\"].astype(int), unit='s')\n",
"df['one'] = 1\n",
"df"
]
},
{
"cell_type": "code",
"execution_count": 13,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"Min and Max: 2024-04-15 03:58:56 2024-04-15 03:58:56\n",
"Time delta: 0 days 00:00:00\n",
"Unique Event IDs: ['62']\n"
]
}
],
"source": [
"print('Min and Max:', df['date_sighting'].min(), df['date_sighting'].max())\n",
"print('Time delta:', df['date_sighting'].max() - df['date_sighting'].min())\n",
"print('Unique Event IDs:', df.event_id.unique())"
]
},
{
"cell_type": "code",
"execution_count": 14,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"attribute_id\n",
"3361 1\n",
"Name: count, dtype: int64\n"
]
},
{
"data": {
"text/plain": [
"<Axes: xlabel='attribute_id'>"
]
},
"execution_count": 14,
"metadata": {},
"output_type": "execute_result"
},
{
"data": {
"image/png": "",
"text/plain": [
"<Figure size 640x480 with 1 Axes>"
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"# Counting sightings per attribute ID\n",
"value_count = df['attribute_id'].value_counts()\n",
"print(value_count)\n",
"value_count.plot(kind='bar', rot=45)"
]
},
{
"cell_type": "code",
"execution_count": 15,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"date_sighting\n",
"0 1\n",
"Name: count, dtype: int64\n"
]
},
{
"data": {
"text/plain": [
"<Axes: xlabel='date_sighting'>"
]
},
"execution_count": 15,
"metadata": {},
"output_type": "execute_result"
},
{
"data": {
"image/png": "",
"text/plain": [
"<Figure size 640x480 with 1 Axes>"
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"# Grouping by weekday (0-indexed, Monday = 0)\n",
"amount_per_weekday = df['date_sighting'].dt.weekday.value_counts()\n",
"print(amount_per_weekday)\n",
"amount_per_weekday.plot(kind='bar', rot=0)"
]
},
{
"cell_type": "code",
"execution_count": 16,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"date_sighting\n",
"3 1\n",
"Name: one, dtype: int64\n"
]
},
{
"data": {
"text/plain": [
"<Axes: xlabel='date_sighting'>"
]
},
"execution_count": 16,
"metadata": {},
"output_type": "execute_result"
},
{
"data": {
"image/png": "",
"text/plain": [
"<Figure size 640x480 with 1 Axes>"
]
},
"metadata": {},
"output_type": "display_data"
}
],
"source": [
"# Grouping by hour of the day (0-23)\n",
"amount_per_hour = df.groupby([df['date_sighting'].dt.hour])['one'].sum()\n",
"print(amount_per_hour)\n",
"amount_per_hour.plot(kind='bar', rot=0)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3 (ipykernel)",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.10.12"
},
"vscode": {
"interpreter": {
"hash": "99e19f785595e5572f3a0434505ffd496bc893a60c3b4501be593ee9ddcf6bde"
}
}
},
"nbformat": 4,
"nbformat_minor": 4
}