
picatrix's Introduction

Picatrix


Picatrix is a framework meant to be used within Colab or Jupyter notebooks. It is designed around providing a security analyst with the libraries to develop helper functions that are exposed as magics and regular Python functions in notebooks.

This makes it easier to share an environment with other analysts, exposing the common functions used in notebooks to everyone. In addition, the functions themselves are designed to make it easier to work with various APIs and backends in a notebook environment. Most of the functions return data as a pandas DataFrame for further processing, or work with pandas directly (manipulate pandas data, change values, enrich data, upload data frames to other services, etc.).

How to Get Started

Read the installation instructions on the best ways to install picatrix.

After installing, connect to the Jupyter notebook in your web browser (it should open automatically). Inside the notebook, import the picatrix library and initialize it:

from picatrix import notebook_init
notebook_init.init()

(If you are using the Docker container you don't need to import these libraries; that is done for you automatically.)

That's it: all the magics/helper functions are now ready and accessible in your notebook. To get a list of the available helpers, use:

%picatrixmagics

Or

picatrixmagics_func()

Each magic has a --help parameter, and each function shows its help when called as _func?. E.g.:

timesketch_set_active_sketch_func?

Examples

To get all sketches, you can use the following magic:

%timesketch_get_sketches

For most of the magics you need to set an active sketch:

%timesketch_set_active_sketch 1

To query the sketch, the following magic executes a search and returns the results as a search object, which can easily be converted into a pandas DataFrame:

search_obj = %timesketch_query 'message:Another'
search_obj.table

Further documentation on the search object can be found here

To add a manual event with a function use:

timesketch_add_manual_event_func('Eventdescriptiontext', attributes=attributesdict)

Which is the same as:

%timesketch_add_manual_event Eventdescriptiontext --attributes {{attributesdict}}

Discussions

Want to discuss the project, report issues, or request new features? Join the Slack workspace here; the channel for picatrix is #picatrix.


picatrix's Issues

Detangle the issues with magic arguments

ATM when you initialize a magic class it has an optional argument of arguments, which is a list of MagicArgument.

If it is not supplied it is ignored and arguments are derived from a docstring.

This could be detangled, and MagicArgument be better defined and used throughout. Also it should not be done in the __init__ function but arguments should be configured after initialization of the object.

Add unit tests for all files that are in

None of the files that were checked in contain any unit tests. These need to be added.

This also requires:

  • updating the setup.py file to include running the tests
  • adding a GH action/workflow to run the tests.
  • Adding test files for every file currently checked in

Add an initialization file

This will be stored in picatrix/__init__.py

Tasks:

  • Import all magics
  • Create a context object
  • Create an init() function that creates the context object (or checks if it exists and returns it). This function will initialize the magic framework.

Use typing to construct argument list

Right now all the arguments are constructed from parsing the docstring. This should be changed, to reduce the reliance on docstring parsing and instead make use of typing and the casting/verification that can be done there.

Add a helper function registration

Instead of having just magics, we also need to have a way to register helper functions so that they become discoverable.

Add a simple decorator to helper functions, framework.picatrix_helper that only takes the function and registers it.
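A sketch of what the two issues above ask for, added here as an example and not picatrix's own code: a decorator that takes only the function and registers it, with the argument list built from type hints so values are cast and verified instead of parsed from a docstring. The names `register_helper`, `build_parser`, `run_line`, `REGISTRY` and the sample helper are hypothetical.

```python
import argparse
import inspect
import shlex
from typing import Any, Callable, Dict, get_type_hints

REGISTRY: Dict[str, Callable[..., Any]] = {}  # hypothetical helper registry


class _RaisingParser(argparse.ArgumentParser):
    """Raise ValueError instead of SystemExit on bad input."""

    def error(self, message: str):
        raise ValueError(message)


def build_parser(func: Callable[..., Any]) -> argparse.ArgumentParser:
    """Derive the argument list from the signature and type hints."""
    hints = get_type_hints(func)
    parser = _RaisingParser(prog=func.__name__, add_help=False)
    for name, param in inspect.signature(func).parameters.items():
        cast = hints.get(name, str)  # unannotated arguments stay strings
        if cast is bool:
            parser.add_argument(f"--{name}", action="store_true")
        elif param.default is inspect.Parameter.empty:
            parser.add_argument(name, type=cast)  # required positional
        else:
            parser.add_argument(f"--{name}", type=cast, default=param.default)
    return parser


def register_helper(func: Callable[..., Any]) -> Callable[..., Any]:
    """Decorator: takes only the function, registers it, returns it unchanged."""
    func.parser = build_parser(func)
    REGISTRY[func.__name__] = func
    return func


def run_line(name: str, line: str) -> Any:
    """Parse a magic-style argument line, cast/verify it, and call the helper."""
    func = REGISTRY[name]
    return func(**vars(func.parser.parse_args(shlex.split(line))))


@register_helper
def set_active_sketch(sketch_id: int, verbose: bool = False) -> dict:
    """Constructed sample helper; it only echoes the parsed values."""
    return {"sketch_id": sketch_id, "verbose": verbose}
```

A line such as `7 --verbose` reaches the helper as `sketch_id=7, verbose=True`, while a non-integer sketch id is rejected with a `ValueError` before the helper runs.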

Add e2e tests for picatrix

This will come after TS magics are in, at least.

Then aim to have an e2e test for each magic that we add to the project.
