-
Notifications
You must be signed in to change notification settings - Fork 0
/
plot.py
138 lines (113 loc) · 4.38 KB
/
plot.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
from dash import dcc, html, Dash
from dash.dependencies import Input, Output
import plotly.express as px
import pandas as pd
import plotly.express as px
from dash.exceptions import PreventUpdate
# Assuming 'consolidated_logs_df' is a DataFrame defined outside this function
# You should pass this DataFrame as a parameter to the run_dash_app function
def run_dash_app(df):
app = Dash(__name__)
# Generate options for the dropdowns based on the DataFrame
event_options = [{'label': i, 'value': i} for i in df['eventName'].unique()]
ip_options = [{'label': i, 'value': i} for i in df['sourceIPAddress'].unique()]
app.layout = html.Div([
html.H1("Interactive Event Filtering"),
dcc.Dropdown(
id='event-dropdown',
options=event_options,
value=[option['value'] for option in event_options],
multi=True
),
dcc.Dropdown(
id='ip-dropdown',
options=ip_options,
value=[option['value'] for option in ip_options],
multi=True
),
dcc.Graph(id='events-graph')
])
@app.callback(
Output('events-graph', 'figure'),
[Input('event-dropdown', 'value'),
Input('ip-dropdown', 'value')]
)
def update_graph(selected_events, selected_ips):
# Filter based on selected event names and IP addresses
filtered_df = df[
df['eventName'].isin(selected_events) &
df['sourceIPAddress'].isin(selected_ips)
]
# Create the figure using Plotly Express
fig = px.scatter(
filtered_df,
x='eventTime',
y='sourceIPAddress',
color='eventName',
title="Event Activities Over Time",
hover_data=['eventID', 'eventName']
)
# Customize hover template to display additional data
fig.update_traces(
hovertemplate='<b>%{y}</b><br>Time: %{x|%Y-%m-%d %H:%M:%S}<br>Event: %{marker.color}<br>ID: %{customdata[0]}'
)
return fig
app.run_server(debug=True)
# Function to read CSV and process data
def load_and_process_csv(csv_file, exclude_detections=None):
exclude_detections = exclude_detections or []
df = pd.read_csv(csv_file)
df.fillna('NAN', inplace=True)
df['timestamp'] = pd.to_datetime(df['timestamp'])
df['detections_y'] = df['detections'].astype('category').cat.codes
df = df[~df['detections'].isin(exclude_detections)]
return df
# Function to create Plotly figure
def create_plotly_figure(df):
fig = px.scatter(
df,
x='timestamp',
y='detections_y',
color='detections',
labels={'detections_y': 'Detections'},
title='Sigma Detections Over Time'
)
# Update layout to remove y-axis labels
fig.update_layout(
yaxis=dict(showticklabels=False),
xaxis_title='Timestamp',
legend_title='Event Detections'
)
# You can further customize the hover_data to include any additional details you want to display
# and also customize markers if necessary.
return fig
def run_wlogs_app(csv_file, exclude_detections=None):
df = load_and_process_csv(csv_file, exclude_detections)
app = Dash(__name__)
event_options = [{'label': i, 'value': i} for i in df['detections'].unique()]
app.layout = html.Div([
html.H1("Interactive Sigma Detections"),
dcc.Dropdown(
id='event-dropdown',
options=event_options,
value=[option['value'] for option in event_options],
multi=True
),
dcc.Graph(id='sigma-graph')
])
@app.callback(
Output('sigma-graph', 'figure'),
[Input('event-dropdown', 'value')]
)
def update_graph(selected_detections):
# Ensure selected_detections is always a list, even if it's a single value
if not selected_detections:
raise PreventUpdate
# If selected_detections is not already a list (e.g., when a single value is selected), make it a list
if not isinstance(selected_detections, list):
selected_detections = [selected_detections]
# Now we can safely use isin() as we're sure selected_detections is a list
filtered_df = df[df['detections'].isin(selected_detections)]
fig = create_plotly_figure(filtered_df)
return fig
app.run_server(debug=True)