## User Story:
The IT department of _**Plain Corp**_ has implemented a custom-built _Computer Management Solution (CMS)_ which comes with a feature that reports information about computers in their environment such as metadata, installed programs and logins. The current problem faced by the IT team is that the reports created by CMS do not answer all the questions they have about the computers in their environment. Luckily, they figured out that the CMS stores its raw data in a SQLite (v3.45.0)  _database (DB)_ file and that they could write custom SQL queries to report the information not provided within the CMS reports.

## Goal:
Your job will be to update this Jupyter Notebook with the SQL queries needed to meet the IT team’s reporting needs. It is recommended to use a Database IDE to help with query writing and data exploration.

## Directions:
Download the attached zip file which contains all the files you need to complete this assignment. Below is a description of each of the three files within the attached zip file:
- **cms.sqlite**: The database you must query from to complete this assignment.
- **cms_data_dictionary.txt**: A data dictionary describing the tables within this database.
- **GA Mission - Data Analyst.ipynb**: The Jupyter Notebook file you must update to complete the assignment. Rules to abide by while completing this assignment are listed within this Jupyter Notebook.

## Our Expectations
This assignment <ins>**should take you no longer than 2 hours**</ins> to complete. Make sure your outputs are visible in a web browser when uploaded to a public repository and that they are presented in a way that is understandable by someone with some technical experience but no programming experience. Extra rules to abide by are described in the included Juptyter Notebook file.

We would prefer that you share the code with us by pushing it to a public repository in the hosting provider of your choosing. If you do not want to upload it to a public repository then you can zip up the repository folder on your machine and send it to us via email. If you go that route, please make sure that the .git folder is included.

We recommend  that you use a Database IDE (e.g., DBeaver, Datagrip, etc.) to assist with query writing and data exploration. If you have any questions, please contact us and we will do our best to clarify anything that is unclear.

## Rules:
- The code should be stored in a git repository.
- With the exception of ***Pandas***, you can use any Python Packages you like.
- Do not edit the data in the **cms.sqlite** DB file.
- Your query results must be output in a _Pandas DataFrame (PD)_.
- Questions 4 and 5 are written answer questions where no code or SQL is necessary.
- Question 6 is a written answer question that may require code or SQL depending on your answer. This question can be thought of as a chance to share any observations you've made or perform a light EDA on the data. There are no right or wrong answers for this question.

# Questions

In [22]:
# Import libraries
import os
import pandas as pd
import sqlite3
from pathlib import Path as Path

In [23]:
# Set uo connection, cursor
conn = sqlite3.connect('c: <my path > \\cms.sqlite')
cursor = conn.cursor()

In [24]:
# Checl Tables
cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
print(cursor.fetchall())

[('computers',), ('installed_programs',), ('login_records',), ('ip_whitelist',)]


 <font size='5'> 1. Count how many Admin and Regular computers are in the database.</font>

In [25]:
cms_1 = pd.read_sql(''' SELECT computer_type, count(computer_type) FROM computers 
                        WHERE computers.computer_type = 'Admin' OR computers.computer_type = 'Regular'
                        GROUP by computer_type;
                        ''', conn)
cms_1

Unnamed: 0,computer_type,count(computer_type)
0,Admin,8
1,Regular,24


<font size='5'>2a. Identify all non-admin computers with the programs **Bitwarden**, **Quickpass** or **1password** installed, please note that the listed program names may not match exactly to the program names in the database. Be sure to include the computer names, operating system, program names and program version in the PD output.</font>

In [26]:
cms_2a = pd.read_sql(''' select
                        installed_programs.computer_name,
                        installed_programs.program_name,
                        installed_programs.program_version,
                        computers.operating_system
                        from installed_programs
                        inner join computers
                        on installed_programs.computer_name = computers.computer_name
                        WHERE 
                        computers.computer_type != 'Admin'
                        AND program_name LIKE '%Bitwarden%'
                        OR program_name LIKE '%Quickpass%'
                        OR program_name LIKE '%1password%';
                        ''', conn)
cms_2a

Unnamed: 0,computer_name,program_name,program_version,operating_system
0,DESKTOP-AFKOOLQ,Quickpass,15.0.21225.01,Microsoft Windows 10 Pro N
1,DESKTOP-AFKOOLQ,Quickpass,15.0.21225.01,Microsoft Windows 10 Pro N
2,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
3,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
4,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
5,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
6,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
7,DESKTOP-O23A1M7,Quickpass,15.0.21225.01,Microsoft Windows 11 Pro
8,GREG_WORK,Quickpass,15.0.21225.01,Microsoft Windows 11 Business
9,GREG_WORK,Quickpass,15.0.21225.01,Microsoft Windows 11 Business


<font size='5'>2b. Report the latest version of each program and how many computers have said programs installed.</font>

In [27]:
cms_2b = pd.read_sql(''' SELECT program_name, program_version, max(program_version), count(computer_name) AS total_computers
                        FROM installed_programs
                        GROUP by program_name
                        ORDER BY total_computers DESC;
                        ''', conn)
cms_2b

Unnamed: 0,program_name,program_version,max(program_version),total_computers
0,Microsoft Update Health Tools,5.72.0.0,5.72.0.0,35
1,HOTKEY,1.0.1,1.0.1,35
2,Microsoft Teams,1.6.0.4472,1.6.0.4472,30
3,Visual C++ Library CRT Desktop Appx Package,14.36.32532,14.36.32532,27
4,Office 16 Click-to-Run Licensing Component,16.0.17126.20132,16.0.17126.20132,25
...,...,...,...,...
598,Amazon Corretto (x64),11.0.19.7,11.0.19.7,1
599,AdoptOpenJDK JRE with Hotspot 11.0.7.10 (x64),11.0.7.10,11.0.7.10,1
600,API Monitor v2 (Alpha),2.13.0,2.13.0,1
601,7-Zip 22.01 (x64 edition),22.01.00.0,22.01.00.0,1


<font size='5'> 2c. Report each program and the ratio of which computers out of all computers have said programs installed. Express the ratio in the format of “**X** out of **Y**“ computers and as a percentage rounded to the 2nd. Hint: To calculate the percentage, you will have to cast one of the numbers to a decimal by multiplying them by **1.0**.</font>

In [28]:
cms_2c = pd.read_sql(''' SELECT program_name, count(computer_name)/ 38.0 AS count_prop FROM installed_programs
                        GROUP by program_name
                        ORDER BY count_prop DESC;
                        ''', conn)
cms_2c

Unnamed: 0,program_name,count_prop
0,Microsoft Update Health Tools,0.921053
1,HOTKEY,0.921053
2,Microsoft Teams,0.789474
3,Visual C++ Library CRT Desktop Appx Package,0.710526
4,Office 16 Click-to-Run Licensing Component,0.657895
...,...,...
598,Amazon Corretto (x64),0.026316
599,AdoptOpenJDK JRE with Hotspot 11.0.7.10 (x64),0.026316
600,API Monitor v2 (Alpha),0.026316
601,7-Zip 22.01 (x64 edition),0.026316


<font size='5'>3a. Report which admin computers have logins on or later than May 2023, have **Python** installed on their computers and whose IP addresses are not in the IP whitelist table. Be sure to include the computer name, IP address and login timestamp; order the results by most recent date and computer name.</font>

In [29]:
cms_3a = pd.read_sql(''' SELECT 
                        login_records.computer_name, 
                        login_records.login_ip, 
                        login_records.login_timestamp  
                        FROM login_records
                        JOIN computers
                        ON login_records.computer_name = computers.computer_name
                        JOIN installed_programs
                        ON login_records.computer_name = installed_programs.computer_name 
                        WHERE 
                        computers.computer_type = 'Admin'
                        AND installed_programs.program_name LIKE '%Python%'
                        AND login_records.login_timestamp >= '2023-05'
                        AND login_records.login_ip NOT IN 
                        (SELECT login_ip FROM ip_whitelist)
                        ORDER BY login_records.login_timestamp DESC, login_records.computer_name;
                        ''', conn)
cms_3a

Unnamed: 0,computer_name,login_ip,login_timestamp
0,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
1,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
2,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
3,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
4,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
5,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
6,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
7,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
8,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48
9,PLAINCORP-13,73.18.119.169,2023-07-19 15:56:48


<font size='5'>3b. Below are the requirements for the modifications you should make to the PD output from **3a**, you cannot change the SQL query to meet these requirements:</font>
- <font size='5'>Replace the 2nd and 4th octets of the IP address with **\*** (e.g., 10.\*.0.\*). Your solution must use regex.</font>
- <font size='5'>Format the login timestamp as the date only (e.g., 01/20/2024)</font>


In [30]:
import datetime
cms_3b = cms_3a

In [31]:
# Change to datetime

cms_3b['login_timestamp'] = pd.to_datetime(cms_3b['login_timestamp'])

print(cms_3b.dtypes)
print(cms_3b.head())

computer_name              object
login_ip                   object
login_timestamp    datetime64[ns]
dtype: object
  computer_name       login_ip     login_timestamp
0  PLAINCORP-13  73.18.119.169 2023-07-19 15:56:48
1  PLAINCORP-13  73.18.119.169 2023-07-19 15:56:48
2  PLAINCORP-13  73.18.119.169 2023-07-19 15:56:48
3  PLAINCORP-13  73.18.119.169 2023-07-19 15:56:48
4  PLAINCORP-13  73.18.119.169 2023-07-19 15:56:48


In [32]:
# Change date
cms_3b['login_timestamp'] = cms_3b['login_timestamp'].dt.date

print(cms_3b.dtypes)
print(cms_3b.head())

computer_name      object
login_ip           object
login_timestamp    object
dtype: object
  computer_name       login_ip login_timestamp
0  PLAINCORP-13  73.18.119.169      2023-07-19
1  PLAINCORP-13  73.18.119.169      2023-07-19
2  PLAINCORP-13  73.18.119.169      2023-07-19
3  PLAINCORP-13  73.18.119.169      2023-07-19
4  PLAINCORP-13  73.18.119.169      2023-07-19


In [33]:
# Use regular expressions to mask Ip
import re

In [34]:
for i in range(len(cms_3b['login_ip'])):
    cms_3b['login_ip'][i] = re.compile(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$').sub(r'\1.*.\3.*', cms_3b['login_ip'][i])
    
print(cms_3b.head())

  computer_name    login_ip login_timestamp
0  PLAINCORP-13  73.*.119.*      2023-07-19
1  PLAINCORP-13  73.*.119.*      2023-07-19
2  PLAINCORP-13  73.*.119.*      2023-07-19
3  PLAINCORP-13  73.*.119.*      2023-07-19
4  PLAINCORP-13  73.*.119.*      2023-07-19


<font size='5'>4. Bob from the IT department noticed a SQL query was starting to get slow and since he knew a little bit of SQL from college, he decided to fix the query himself. The first thing Bob did was to reduce the number of unnecessary joins in the query, but the new query was still slow. Was Bob’s initial approach the correct one? If so, explain Bob's next steps? If not, explain what Bob should've done instead?</font>

In [1]:
# Bob's first step was a reasonable one. I would suggest a few other steps he could try:
    # He could reduce table sizes by selecting only the columns he needs
    # He could also check or change the indexing of the columns
    # He could break queries up by cacheing/ saving the results of large calculations
    # Similarly he could limit the large table queries
    # He could perform any update, deletes, and relpacements in batches insead of one at a time
    # He could come consult with me or a database administrator before going further

<font size='5'>5. To improve the CMS’s backend and report capabilities, the IT department wants to provide feedback to the contractor who built the CMS solution and wants your input.  How would you improve or change the data model? If you decide to create a data diagram you must save it as a PDF file in the same folder as this Jupyter Notebook.</font>

In [1]:
# Here are a few ways that I would improve or change the model:
    # Change data types from VARCHAR to appropriate
    # Add to the whitelist, discuss it's function and best use
    # From #4: Consider checking or changing the indexing for more efficient function
    # Look at security considerations beyond masking some of the IP address, maybe user permissions
    # Automate any processes possible - incld: transformation of data types upon intake,
        # 

<font size='5'>6. Did you notice anything interesting or anything wrong with the data? If so, please describe what you found and if possible, provide any related evidence.</font>

In [21]:
#EDA:
# Why are IP’s on the whitelist not flagged by the CMS?
ipw_q = pd.read_sql(''' SELECT * FROM ip_whitelist;
                        ''', conn)

ipw_q

Unnamed: 0,whitelist_record_id,login_ip
0,1,196.111.93.1
1,2,185.159.158.100
2,3,74.105.105.185
