Alert¶
-
class
TH.IoA(timestamp: pandas._libs.tslibs.timestamps.Timestamp, muid: str, client: Union[Any, str], mitre: str, rule: str, count: Optional[str] = None, details: Optional[str] = None, period: Optional[TH.Core.period.TimePeriod] = TimePeriod())¶ Bases:
Generic[TH.Core.THCollection.T]Warning
This object is not intended to be created, but obtained through queries provided by upper level objects
Class representing an alert triggered on a machineA IoA can be instantiated by providing the following information:timestamp: The timestamp from when this alert has been triggered
muid: The muid of the machine in where the alert has been triggered
client: The affected client identification code
mitre: The Mitre technique/tactic of this alert
rule: The alert rule name
count: Number of alerts of the same type activated in the last hour in this machine
details: Alert details
period: Current defined analysis period
-
get_client(period: Optional[TH.Core.period.TimePeriod] = None) → Any¶ - Parameters
period – Analysis period to apply for the returned client instance
- Returns
Instance of
Clientrepresenting the client for this IoA
-
get_machine(period: Optional[TH.Core.period.TimePeriod] = None) → Any¶ - Parameters
period – Analysis period to apply for the returned machine instance
- Returns
Instance of
Machinerepresenting the machine for this IoA
-
property
client¶ - Returns
The alert client identification code
-
property
count¶ - Returns
The alert accumulated count in the last hour
-
property
mitre¶ - Returns
The alert triggered mitre technique
-
property
muid¶ - Returns
The alert machine identification code
-
property
rule¶ - Returns
The alert triggered rule
-
property
timestamp¶ - Returns
The alert timestamp