Node Data¶

class orion_notebook.graph.nodes.node_data.DnsOpsNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, failed_queries: int = 0, queried_domain_count: int = 0, domain_list: str = '', event_type: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a DnsOpsNode

Constructor arguments:

failed_queries (int): Number of failed queries

queried_domain_count (int): Number of domains affected by queries

domain_list (str): List of domains affected by queries

event_type (str): Event type of edge (default empty)

domain_list: str = ''¶

event_type: str = ''¶

failed_queries: int = 0¶

queried_domain_count: int = 0¶

class orion_notebook.graph.nodes.node_data.DocumentNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, filename: str = '', path: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a DocumentNode

Constructor arguments:: filename (str): File name of the document that the node represents (default empty)

filename: str = ''¶

path: str = ''¶

class orion_notebook.graph.nodes.node_data.DownloadNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, event_type: str = '', parent_md5: Optional[str] = None, parent_path: Optional[str] = None, parent_filename: str = '', parent_pid: int = '', child_md5: Optional[str] = None, child_path: Optional[str] = None, child_filename: str = '', child_url: str = '', logged_user: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a DownloadNodeData

Constructor arguments:

event_type (str): Event type of edge

parent_md5 (str): md5 for the process related operation in the source node (default None)

parent_path (): Path for the process related operation in the source node (default empty)

parent_filename (str): Parent filename

parent_pid (str): Pid for the process related operation in the source node (default None)

child_md5 (str): md5 for the process related operation in the target node (default None)

child_path (str): Path for the process related operation in the target node (default empty)

child_filename (str): Child filename

child_url (str): Url of the download event (default empty)

logged_user (str): Logged user corresponding to the event (default empty)

child_filename: str = ''¶

child_md5: str = None¶

child_path: str = None¶

child_url: str = ''¶

event_type: str = ''¶

logged_user: str = ''¶

parent_filename: str = ''¶

parent_md5: str = None¶

parent_path: str = None¶

parent_pid: int = ''¶

class orion_notebook.graph.nodes.node_data.DownloadUrlNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, event_type: str = '', child_url: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a DownloadNodeData

Constructor arguments:

event_type (str): Event type of edge

child_url (str): Url of the download event

child_url: str = ''¶

event_type: str = ''¶

class orion_notebook.graph.nodes.node_data.IpNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, remote_ip: str = '', remote_port: str = '', direction: str = '', hostname: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a IpNode

Constructor arguments:

remote_ip (str): Remote IP of the node (default empty)

remote_port (str): Remote port of the node (default empty)

direction (str): Direction of the communication. Where: outgoing = 0, incoming = 1 (default 0) (default empty)

hostname (str): Host name for the remote IP (if exists) (default empty)

direction: str = ''¶

hostname: str = ''¶

remote_ip: str = ''¶

remote_port: str = ''¶

class orion_notebook.graph.nodes.node_data.MachineNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0)¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a MachineNode

class orion_notebook.graph.nodes.node_data.NodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0)¶

Bases: object

Base class all classes related to node data, containing common properties shared by all types of nodes. Represents the data associated to any type of node

Constructor arguments:

name (str): Name for the node (default empty)

date_from (OrionDate): Datetime for the first occurrence of the event represented by this node (default None)

date_to (OrionDate): Datetime for the last occurrence of the event represented by this node (default None)

datetime (str): Datetime for the occurrence of the event represented by this node (default empty)

timestamp (str): TimeStamp for the occurrence of the event represented by this node (default empty)

md5 (str): Md5 of the node (default empty)

pid (int): Pid of the node (default empty)

muid (str): MUID of the machine that has this event (default empty)

action (int): Id of the action made with the event

action: int = 0¶

date_from: orion_notebook.date.OrionDate = None¶

date_to: orion_notebook.date.OrionDate = None¶

datetime: str = ''¶

get(attr: str, default: Optional[object] = None) → object¶

Function to safely access an attribute in NodeData instances

Parameters

attr (str) – Attribute name to attempt to retrieve
default (object) – Object to return if the attribute does not exist

Returns

The attribute value if it exists. Otherwise, None or default param if provided

Return type

object

md5: str = ''¶

muid: str = ''¶

name: str = ''¶

pid: int = 0¶

timestamp: str = ''¶

class orion_notebook.graph.nodes.node_data.ProcessNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: Optional[str] = None, timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, path: str = '', filename: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a ProcessNode (and its specific classes)

Constructor arguments:: datetime (str): Datetime when the event of the node take place (default None)

datetime: str = None¶

filename: str = ''¶

path: str = ''¶

class orion_notebook.graph.nodes.node_data.RegistryOpsNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, key: str = '', value: str = '', event_type: str = '')¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a RegistryOpsNode

Constructor arguments:

key (str): Registry Key (default empty)

value (str): Registry Key value (default empty)

event_type (str): Event type of edge (default empty)

event_type: str = ''¶

key: str = ''¶

value: str = ''¶

class orion_notebook.graph.nodes.node_data.ScriptNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0, path: str = '', filename: str = '', filesize: int = 0)¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a ScriptNode

Constructor arguments:

path (str): Path of the script that the node represents (default empty)

filename (str): File name of the script that the node represents (default empty)

filesize (int): File size of the script that the node represents (default empty)

filename: str = ''¶

filesize: int = 0¶

path: str = ''¶

class orion_notebook.graph.nodes.node_data.UserNodeData(name: str = '', date_from: Optional[orion_notebook.date.OrionDate] = None, date_to: Optional[orion_notebook.date.OrionDate] = None, datetime: str = '', timestamp: str = '', md5: str = '', pid: int = 0, muid: str = '', action: int = 0)¶

Bases: orion_notebook.graph.nodes.node_data.NodeData

Represents the data associated to a UserNode