# HostSecure IDS - Data analysis:

### Install prerequisites:

In [44]:
import sqlite3
import pandas as pd

### Connect to SQLite database:

In [47]:
con = sqlite3.connect('hostsecure.db')
cur = con.cursor()

### View all endpoints:

In [180]:
# Read sqlite query results into a pandas DataFrame
df = pd.read_sql_query("\
    SELECT \
    macaddress AS 'Mac address', \
    lastheartbeat AS 'Last heartbeat', \
    (CASE WHEN isonline = 1 THEN 'Yes' ELSE 'No' END) AS Online \
    FROM edgenode", con)

# Verify that result of SQL query is stored in the dataframe
df

Unnamed: 0,Mac address,Last heartbeat,Online
0,ABCD,,No
1,EFGH,2011-04-15 17:33:04.372,No
2,IJKL,2016-04-16 07:36:03.988,Yes


### View all virus hashes:

In [98]:
# Read sqlite query results into a pandas DataFrame
df = pd.read_sql_query("\
    SELECT \
    hashkey AS 'Hash key', \
    description AS 'Description' \
    FROM virushash", con)

# Verify that result of SQL query is stored in the dataframe
df

Unnamed: 0,Hash key,Description
0,UVUUNNU,Totally
1,YUCWZXB,not a
2,OPMIMOIBTV,virus


### View all devices:

In [164]:
# Read sqlite query results into a pandas DataFrame
df = pd.read_sql_query("\
    SELECT \
    id as ID, \
    productid AS 'Product ID', \
    vendorid AS 'Vendor ID', \
    serialnumber AS 'Serial number', \
    (CASE \
       WHEN status = 'B' THEN 'Blacklist' \
       WHEN status = 'W' THEN 'Whitelist' \
       ELSE 'Unknown' END) AS Status \
    FROM device", con)

# Verify that result of SQL query is stored in the dataframe
df

Unnamed: 0,ID,Product ID,Vendor ID,Serial number,Status
0,1,QWER,DCBA,1000,Blacklist
1,2,TYUI,HGFE,1001,Unknown
2,3,ASDF,LKJI,1002,Unknown


### View all logs:

In [170]:
# Read sqlite query results into a pandas DataFrame
df = pd.read_sql_query("\
    SELECT \
    edgenodemacaddress AS 'Endpoint MAC address', \
    deviceid AS 'Device ID', \
    logtime AS 'Time', \
    loginfo AS 'Log' \
    FROM log", con)

# Verify that result of SQL query is stored in the dataframe
df

Unnamed: 0,Endpoint MAC address,Device ID,Time,Log
0,ABCD,3,2021:09:09 22:36:00:000,Number 0
1,EFGH,1,2021:09:09 22:36:00:001,Number 1
2,IJKL,2,2021:09:09 22:36:00:002,Number 2


### Product/vendor overview:

In [172]:
# Read sqlite query results into a pandas DataFrame
df = pd.read_sql_query("\
    SELECT \
    productid AS 'Product ID', \
    vendorid AS 'Vendor ID', \
    productname AS 'Product name', \
    vendorname AS 'Vendor name' \
    FROM productvendor", con)

# Verify that result of SQL query is stored in the dataframe
df

Unnamed: 0,Product ID,Vendor ID,Product name,Vendor name
0,QWER,DCBA,Make,Sabaton
1,TYUI,HGFE,Pepsi Twist,Babymetal
2,ASDF,LKJI,Again,Nightwish


### Close database connection:

In [181]:
con.close()