In [1]:
import sqlite3
import pandas as pd
import random

# Path to your SQLite database file
db_file = r"C:/Users/I745988/Downloads/2023-10-25_cti_data_majd/2023-10-25_cti_data_majd.db"

# Connect to the SQLite database
conn = sqlite3.connect(db_file)


Cell 2: Load Data and Provide Initial Insights

In [2]:
# Function to load table data into a DataFrame
def load_table_to_dataframe(conn, table_name):
    query = f"SELECT * FROM {table_name}"
    return pd.read_sql_query(query, conn)

# List of tables to load
tables_to_load = ['pulses', 'indicators', 'ip_location']

# Load data into DataFrames
dataframes = {table: load_table_to_dataframe(conn, table) for table in tables_to_load}

# Access individual DataFrames
pulses_df = dataframes['pulses']
indicators_df = dataframes['indicators']
ip_location_df = dataframes['ip_location']

# Initial insights
print(f"Pulses Table: {len(pulses_df)} rows")
print(pulses_df.info())
print(pulses_df.head())

print(f"\nIndicators Table: {len(indicators_df)} rows")
print(indicators_df.info())
print(indicators_df.head())

print(f"\nIP Location Table: {len(ip_location_df)} rows")
print(ip_location_df.info())
print(ip_location_df.head())


Pulses Table: 2966 rows
<class 'pandas.core.frame.DataFrame'>
RangeIndex: 2966 entries, 0 to 2965
Data columns (total 13 columns):
 #   Column          Non-Null Count  Dtype 
---  ------          --------------  ----- 
 0   id              2966 non-null   object
 1   name            2966 non-null   object
 2   description     2966 non-null   object
 3   author_name     2966 non-null   object
 4   modified        2966 non-null   object
 5   created         2966 non-null   object
 6   public          2966 non-null   int64 
 7   adversary       2946 non-null   object
 8   TLP             2966 non-null   object
 9   revision        2966 non-null   int64 
 10  in_group        2966 non-null   int64 
 11  is_subscribing  5 non-null      object
 12  malware_family  2966 non-null   object
dtypes: int64(3), object(10)
memory usage: 301.4+ KB
None
                         id  \
0  645c9a033dd0e4e34e6cba8f   
1  63ac057b2644355f3788973e   
2  63abba430849f35bb074ab1a   
3  63a55b8feb56dde69cb1e884

Cell 3: Join Indicators and Pulses Tables

In [8]:
# Join indicators_df and pulses_df on the 'pulse_id' and 'id' columns
indicators_pulses_df = pd.merge(indicators_df, pulses_df, left_on='pulse_id', right_on='id', suffixes=('_indicator', '_pulse'))

# Display the merged DataFrame
print(f"Indicators and Pulses Merged Table: {len(indicators_pulses_df)} rows")
print(indicators_pulses_df.head())


Indicators and Pulses Merged Table: 6892660 rows
   id_indicator                  pulse_id                         indicator  \
0    3678952388  645c9a033dd0e4e34e6cba8f  32788cd0818804797beb15135695e165   
1    3678952389  645c9a033dd0e4e34e6cba8f  32dd32a4496e689ba904e92385d350d5   
2    3678952390  645c9a033dd0e4e34e6cba8f  3343fe2b2f76cda4c776eb592a4d0146   
3    3678952391  645c9a033dd0e4e34e6cba8f  48e074289337a25992d16166bab58c73   
4    3678952392  645c9a033dd0e4e34e6cba8f  623b083c79bd9855db70cb1509861cb0   

           type    created_indicator content  \
0  FileHash-MD5  2023-05-11T07:32:46           
1  FileHash-MD5  2023-05-11T07:32:46           
2  FileHash-MD5  2023-05-11T07:32:46           
3  FileHash-MD5  2023-05-11T07:32:46           
4  FileHash-MD5  2023-05-11T07:32:46           

                                       title  \
0  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   
1  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   
2               Bdaejec, Win32/Flooder.Agen

In [9]:
indicators_pulses_df

Unnamed: 0,id_indicator,pulse_id,indicator,type,created_indicator,content,title,description_indicator,expiration,is_active,...,author_name,modified,created_pulse,public,adversary,TLP,revision,in_group,is_subscribing,malware_family
0,3678952388,645c9a033dd0e4e34e6cba8f,32788cd0818804797beb15135695e165,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 62958d20e3f6b262d16e5d5478c2c0d882ecec7...,,1,...,LoveAndren,2023-05-11T07:32:19.907000,2023-05-11T07:32:19.907000,1,,white,1,0,,%23Exploit:NtQueryIntervalProfile
1,3678952389,645c9a033dd0e4e34e6cba8f,32dd32a4496e689ba904e92385d350d5,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 82521006cdb75d3826edb12e2d7a038a37cdafd...,,1,...,LoveAndren,2023-05-11T07:32:19.907000,2023-05-11T07:32:19.907000,1,,white,1,0,,%23Exploit:NtQueryIntervalProfile
2,3678952390,645c9a033dd0e4e34e6cba8f,3343fe2b2f76cda4c776eb592a4d0146,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Win32/Flooder.Agent",MD5 of 3c4c8fdda37010277359be7d34620f97ac74852...,,1,...,LoveAndren,2023-05-11T07:32:19.907000,2023-05-11T07:32:19.907000,1,,white,1,0,,%23Exploit:NtQueryIntervalProfile
3,3678952391,645c9a033dd0e4e34e6cba8f,48e074289337a25992d16166bab58c73,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 40b3e23941cb1a50f8061c5feee2ce505833f2b...,,1,...,LoveAndren,2023-05-11T07:32:19.907000,2023-05-11T07:32:19.907000,1,,white,1,0,,%23Exploit:NtQueryIntervalProfile
4,3678952392,645c9a033dd0e4e34e6cba8f,623b083c79bd9855db70cb1509861cb0,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 3ed019075072f4b6744c45753a17e5210bf3340...,,1,...,LoveAndren,2023-05-11T07:32:19.907000,2023-05-11T07:32:19.907000,1,,white,1,0,,%23Exploit:NtQueryIntervalProfile
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
6892655,2257758046,6510e74c4e7f494edc48f261,e2c2a80cb4ecc511f30d72b3487cb9023b40a25f6bbe07...,FileHash-SHA256,2023-10-09T06:52:40,,,SHA256 of 412568f078ec521bdba6ae14b9f36823,,1,...,Provintell-Lab,2023-10-09T06:55:29.307000,2023-09-25T01:50:04.960000,1,,white,2,0,,Ransom:Win32/Ako
6892656,2704414647,6510e74c4e7f494edc48f261,ed139beb506a17843c6f4b631afdf5a41ec93121da66d1...,FileHash-SHA256,2023-10-09T06:52:40,,Ransom:Win32/Ako!MSR,SHA256 of 47d222dd2ac5741433451c8acaac75bd,,1,...,Provintell-Lab,2023-10-09T06:55:29.307000,2023-09-25T01:50:04.960000,1,,white,2,0,,Ransom:Win32/Ako
6892657,2703844193,6510e74c4e7f494edc48f261,fd24ff7e838fea836079c4554254768abdce32c4f46148...,FileHash-SHA256,2023-10-09T06:52:40,,Ransom:Win32/Ako!MSR,SHA256 of 4984d9af56c39a161b627e019ed2604d,,1,...,Provintell-Lab,2023-10-09T06:55:29.307000,2023-09-25T01:50:04.960000,1,,white,2,0,,Ransom:Win32/Ako
6892658,3768096914,6510e74c4e7f494edc48f261,https://dict.gov.ph/wp-content/uploads/2023/09...,URL,2023-10-09T06:52:40,,,,,1,...,Provintell-Lab,2023-10-09T06:55:29.307000,2023-09-25T01:50:04.960000,1,,white,2,0,,Ransom:Win32/Ako


In [4]:
# Deduplicate ip_location_df: Keep only two IPs per city
ip_location_df = (
    ip_location_df.groupby('cityName')
    .head(2)  # Keep only the first 2 occurrences per city
    .reset_index(drop=True)  # Reset the index for clean processing
)

# Display the cleaned DataFrame
print(f"Cleaned IP Location DataFrame: {len(ip_location_df)} rows")
ip_location_df



Cleaned IP Location DataFrame: 1686 rows


Unnamed: 0,ip,cityName,countryName,latitude,longitude
0,148.251.234.93,Berlin,Germany,52.524525,13.410037
1,148.251.162.83,Berlin,Germany,52.524525,13.410037
2,148.251.218.10,Gunzenhausen,Germany,48.32386,11.601019
3,103.102.148.37,Tengah,Indonesia,-0.10468,109.145622
4,148.251.16.2,Gunzenhausen,Germany,48.32386,11.601019
...,...,...,...,...,...
1681,137.31.126.40,Cranbury,United States of America,40.316368,-74.513718
1682,194.68.32.17,Oslo,Norway,59.91275,10.74609
1683,198.98.58.41,Staten Island,United States of America,40.576283,-74.144836
1684,1.1.254.1,Wang Yang,Thailand,17.05752,104.453323


In [5]:
# Shuffle the ip_location_df
ip_location_df = ip_location_df.sample(frac=1, random_state=42).reset_index(drop=True)

In [6]:
ip_location_df

Unnamed: 0,ip,cityName,countryName,latitude,longitude
0,193.125.152.58,Castellana,Spain,40.433571,-3.684532
1,120.211.70.141,Zhangjiakou,China,40.810024,114.879349
2,23.59.68.212,Milan,Italy,45.464336,9.188547
3,89.203.252.238,Ostrava,Czechia,49.834888,18.281956
4,45.63.76.67,Elk Grove Village,United States of America,42.00668,-88.004753
...,...,...,...,...,...
1681,217.219.202.199,Ilam,Iran (Islamic Republic of),33.637581,46.42276
1682,103.91.207.235,Bang Khun Thian,Thailand,13.66302,100.434158
1683,117.103.69.134,Batu,Indonesia,-7.87,112.528328
1684,201.253.238.50,Goya,Argentina,-29.14003,-59.262562


In [12]:
# Add a random 'ip', 'source_city', 'source_country', 'source_latitude', and 'source_longitude'
random_ip_data = ip_location_df.sample(n=len(indicators_pulses_df), replace=True).reset_index(drop=True)
indicators_pulses_df['ip'] = random_ip_data['ip']
indicators_pulses_df['source_city'] = random_ip_data['cityName']  # Rename cityName to source_city
indicators_pulses_df['source_country'] = random_ip_data['countryName']
indicators_pulses_df['source_latitude'] = random_ip_data['latitude']
indicators_pulses_df['source_longitude'] = random_ip_data['longitude']

# Join the enriched data with ip_location_df to ensure proper linking
enriched_df = pd.merge(indicators_pulses_df, ip_location_df, on='ip', how='left', suffixes=('', '_from_ip'))

# Generate target country information by shuffling 'countryName_from_ip' and linking to lat/lon
target_country_data = (
    ip_location_df.sample(n=len(enriched_df), replace=True)
    .reset_index(drop=True)[['countryName', 'latitude', 'longitude']]
)
enriched_df['target_country'] = target_country_data['countryName']
enriched_df['target_latitude'] = target_country_data['latitude']
enriched_df['target_longitude'] = target_country_data['longitude']

# Drop unnecessary columns
enriched_df = enriched_df.drop(columns=['countryName', 'latitude', 'longitude'])




In [14]:
# Display the enriched DataFrame
print("Enriched DataFrame with Source and Target Details:")
enriched_df.head()

Enriched DataFrame with Source and Target Details:


Unnamed: 0,id_indicator,pulse_id,indicator,type,created_indicator,content,title,description_indicator,expiration,is_active,...,cityName,source_city,source_country,source_latitude,source_longitude,cityName_from_ip,countryName_from_ip,target_country,target_latitude,target_longitude
0,3678952388,645c9a033dd0e4e34e6cba8f,32788cd0818804797beb15135695e165,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 62958d20e3f6b262d16e5d5478c2c0d882ecec7...,,1,...,Hawthorn,Traverse City,United States of America,44.773289,-85.701233,Traverse City,United States of America,Croatia,45.875832,15.85361
1,3678952389,645c9a033dd0e4e34e6cba8f,32dd32a4496e689ba904e92385d350d5,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 82521006cdb75d3826edb12e2d7a038a37cdafd...,,1,...,Malmoe,Tolyatti,Russian Federation,53.530437,49.345875,Tolyatti,Russian Federation,China,39.907501,116.397102
2,3678952390,645c9a033dd0e4e34e6cba8f,3343fe2b2f76cda4c776eb592a4d0146,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Win32/Flooder.Agent",MD5 of 3c4c8fdda37010277359be7d34620f97ac74852...,,1,...,Chandler,Wuxi,China,31.569349,120.288788,Wuxi,China,India,28.635485,77.224121
3,3678952391,645c9a033dd0e4e34e6cba8f,48e074289337a25992d16166bab58c73,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 40b3e23941cb1a50f8061c5feee2ce505833f2b...,,1,...,Tlalnepantla,Delhi,India,28.666775,77.216682,Delhi,India,Czechia,48.620899,14.24976
4,3678952392,645c9a033dd0e4e34e6cba8f,623b083c79bd9855db70cb1509861cb0,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 3ed019075072f4b6744c45753a17e5210bf3340...,,1,...,Jablanovec,George Town,Malaysia,5.41146,100.335426,George Town,Malaysia,United States of America,32.404499,-86.245903


In [19]:
enriched_df.columns

Index(['id_indicator', 'pulse_id', 'indicator', 'type', 'created_indicator',
       'content', 'title', 'description_indicator', 'expiration', 'is_active',
       'id_pulse', 'name', 'description_pulse', 'author_name', 'modified',
       'created_pulse', 'public', 'adversary', 'TLP', 'revision', 'in_group',
       'is_subscribing', 'malware_family', 'ip', 'cityName', 'source_city',
       'source_country', 'source_latitude', 'source_longitude',
       'cityName_from_ip', 'countryName_from_ip', 'target_country',
       'target_latitude', 'target_longitude'],
      dtype='object')

In [18]:
# Remove duplicate column names for clarity
columns_to_display = [
    'ip', 'source_city', 'source_country', 'source_latitude', 'source_longitude',
    'cityName_from_ip', 'countryName_from_ip', 'target_country', 'target_latitude', 'target_longitude'
]

# Check if the specified columns exist in the DataFrame
columns_in_df = [col for col in columns_to_display if col in enriched_df.columns]

# Display the first few rows of the specified columns
enriched_df[columns_in_df].head()


Unnamed: 0,ip,source_city,source_country,source_latitude,source_longitude,cityName_from_ip,countryName_from_ip,target_country,target_latitude,target_longitude
0,104.37.86.39,Traverse City,United States of America,44.773289,-85.701233,Traverse City,United States of America,Croatia,45.875832,15.85361
1,31.173.170.243,Tolyatti,Russian Federation,53.530437,49.345875,Tolyatti,Russian Federation,China,39.907501,116.397102
2,153.35.105.108,Wuxi,China,31.569349,120.288788,Wuxi,China,India,28.635485,77.224121
3,103.21.58.244,Delhi,India,28.666775,77.216682,Delhi,India,Czechia,48.620899,14.24976
4,103.6.198.204,George Town,Malaysia,5.41146,100.335426,George Town,Malaysia,United States of America,32.404499,-86.245903


In [20]:
enriched_df.drop(columns=["cityName","pulse_id","cityName_from_ip","countryName_from_ip"],inplace=True)

In [21]:
enriched_df

Unnamed: 0,id_indicator,indicator,type,created_indicator,content,title,description_indicator,expiration,is_active,id_pulse,...,is_subscribing,malware_family,ip,source_city,source_country,source_latitude,source_longitude,target_country,target_latitude,target_longitude
0,3678952388,32788cd0818804797beb15135695e165,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 62958d20e3f6b262d16e5d5478c2c0d882ecec7...,,1,645c9a033dd0e4e34e6cba8f,...,,%23Exploit:NtQueryIntervalProfile,104.37.86.39,Traverse City,United States of America,44.773289,-85.701233,Croatia,45.875832,15.85361
1,3678952389,32dd32a4496e689ba904e92385d350d5,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 82521006cdb75d3826edb12e2d7a038a37cdafd...,,1,645c9a033dd0e4e34e6cba8f,...,,%23Exploit:NtQueryIntervalProfile,31.173.170.243,Tolyatti,Russian Federation,53.530437,49.345875,China,39.907501,116.397102
2,3678952390,3343fe2b2f76cda4c776eb592a4d0146,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Win32/Flooder.Agent",MD5 of 3c4c8fdda37010277359be7d34620f97ac74852...,,1,645c9a033dd0e4e34e6cba8f,...,,%23Exploit:NtQueryIntervalProfile,153.35.105.108,Wuxi,China,31.569349,120.288788,India,28.635485,77.224121
3,3678952391,48e074289337a25992d16166bab58c73,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 40b3e23941cb1a50f8061c5feee2ce505833f2b...,,1,645c9a033dd0e4e34e6cba8f,...,,%23Exploit:NtQueryIntervalProfile,103.21.58.244,Delhi,India,28.666775,77.216682,Czechia,48.620899,14.24976
4,3678952392,623b083c79bd9855db70cb1509861cb0,FileHash-MD5,2023-05-11T07:32:46,,"Bdaejec, Flooder.LYI, Win32/Flooder.Agent",MD5 of 3ed019075072f4b6744c45753a17e5210bf3340...,,1,645c9a033dd0e4e34e6cba8f,...,,%23Exploit:NtQueryIntervalProfile,103.6.198.204,George Town,Malaysia,5.41146,100.335426,United States of America,32.404499,-86.245903
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
6892655,2257758046,e2c2a80cb4ecc511f30d72b3487cb9023b40a25f6bbe07...,FileHash-SHA256,2023-10-09T06:52:40,,,SHA256 of 412568f078ec521bdba6ae14b9f36823,,1,6510e74c4e7f494edc48f261,...,,Ransom:Win32/Ako,68.62.199.70,Pensacola,United States of America,30.421385,-87.216927,United States of America,40.799953,-73.65094
6892656,2704414647,ed139beb506a17843c6f4b631afdf5a41ec93121da66d1...,FileHash-SHA256,2023-10-09T06:52:40,,Ransom:Win32/Ako!MSR,SHA256 of 47d222dd2ac5741433451c8acaac75bd,,1,6510e74c4e7f494edc48f261,...,,Ransom:Win32/Ako,137.31.126.40,Cranbury,United States of America,40.316368,-74.513718,United Kingdom of Great Britain and Northern I...,51.48,-3.18
6892657,2703844193,fd24ff7e838fea836079c4554254768abdce32c4f46148...,FileHash-SHA256,2023-10-09T06:52:40,,Ransom:Win32/Ako!MSR,SHA256 of 4984d9af56c39a161b627e019ed2604d,,1,6510e74c4e7f494edc48f261,...,,Ransom:Win32/Ako,89.79.229.50,Katowice,Poland,50.258469,19.02747,India,22.569624,88.369598
6892658,3768096914,https://dict.gov.ph/wp-content/uploads/2023/09...,URL,2023-10-09T06:52:40,,,,,1,6510e74c4e7f494edc48f261,...,,Ransom:Win32/Ako,13.16.221.88,Norwalk,United States of America,41.1325,-73.404602,Malaysia,1.550255,110.333305


In [22]:
# Validate the enriched DataFrame
print("Checking for null values in the enriched DataFrame:")
print(enriched_df.isnull().sum())  # Should all be 0

print("\nChecking the enriched DataFrame structure:")
print(enriched_df.info())  # Inspect column data types and structure

print("\nPreview of the enriched DataFrame:")
print(enriched_df.head())

# Remove duplicates to ensure no leakage or redundancy
enriched_df = enriched_df.drop_duplicates()

Checking for null values in the enriched DataFrame:
id_indicator                   0
indicator                      0
type                           0
created_indicator              0
content                        0
title                         28
description_indicator         28
expiration               6853331
is_active                      0
id_pulse                       0
name                           0
description_pulse              0
author_name                    0
modified                       0
created_pulse                  0
public                         0
adversary                   2553
TLP                            0
revision                       0
in_group                       0
is_subscribing           6883940
malware_family                 0
ip                             0
source_city                    0
source_country                 0
source_latitude                0
source_longitude               0
target_country                 0
target_latitude         

In [23]:
enriched_df.shape

(6892660, 30)

In [24]:
# Save to CSV
output_file = "enriched_data.csv"
enriched_df.to_csv(output_file, index=False)

print(f"\nData successfully saved to {output_file}.")



Data successfully saved to enriched_data.csv.


In [25]:
# Reload the CSV file to confirm its structure and content
loaded_df = pd.read_csv(output_file)

print("\nReloaded DataFrame:")
print(loaded_df.head())
print(f"Number of rows: {len(loaded_df)}, Columns: {list(loaded_df.columns)}")


  loaded_df = pd.read_csv(output_file)



Reloaded DataFrame:
   id_indicator                         indicator          type  \
0    3678952388  32788cd0818804797beb15135695e165  FileHash-MD5   
1    3678952389  32dd32a4496e689ba904e92385d350d5  FileHash-MD5   
2    3678952390  3343fe2b2f76cda4c776eb592a4d0146  FileHash-MD5   
3    3678952391  48e074289337a25992d16166bab58c73  FileHash-MD5   
4    3678952392  623b083c79bd9855db70cb1509861cb0  FileHash-MD5   

     created_indicator content                                      title  \
0  2023-05-11T07:32:46     NaN  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   
1  2023-05-11T07:32:46     NaN  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   
2  2023-05-11T07:32:46     NaN               Bdaejec, Win32/Flooder.Agent   
3  2023-05-11T07:32:46     NaN  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   
4  2023-05-11T07:32:46     NaN  Bdaejec, Flooder.LYI, Win32/Flooder.Agent   

                               description_indicator expiration  is_active  \
0  MD5 of 62958d20e3f6b262d16e5d547

In [26]:
loaded_df.columns

Index(['id_indicator', 'indicator', 'type', 'created_indicator', 'content',
       'title', 'description_indicator', 'expiration', 'is_active', 'id_pulse',
       'name', 'description_pulse', 'author_name', 'modified', 'created_pulse',
       'public', 'adversary', 'TLP', 'revision', 'in_group', 'is_subscribing',
       'malware_family', 'ip', 'source_city', 'source_country',
       'source_latitude', 'source_longitude', 'target_country',
       'target_latitude', 'target_longitude'],
      dtype='object')

In [27]:
# Check data types of all columns
loaded_df.info()


<class 'pandas.core.frame.DataFrame'>
RangeIndex: 6892660 entries, 0 to 6892659
Data columns (total 30 columns):
 #   Column                 Dtype  
---  ------                 -----  
 0   id_indicator           int64  
 1   indicator              object 
 2   type                   object 
 3   created_indicator      object 
 4   content                object 
 5   title                  object 
 6   description_indicator  object 
 7   expiration             object 
 8   is_active              int64  
 9   id_pulse               object 
 10  name                   object 
 11  description_pulse      object 
 12  author_name            object 
 13  modified               object 
 14  created_pulse          object 
 15  public                 int64  
 16  adversary              object 
 17  TLP                    object 
 18  revision               int64  
 19  in_group               int64  
 20  is_subscribing         float64
 21  malware_family         object 
 22  ip                

In [28]:
import pandas as pd

# Define dtype mapping for all relevant columns
dtype_mapping = {
    'id_indicator': 'int64',
    'indicator': 'str',
    'type': 'str',
    'created_indicator': 'str',  # Initially as string for correct parsing
    'content': 'str',
    'title': 'str',
    'description_indicator': 'str',
    'expiration': 'str',  # To convert later to datetime
    'is_active': 'int64',
    'id_pulse': 'str',
    'name': 'str',
    'description_pulse': 'str',
    'author_name': 'str',
    'modified': 'str',  # To convert later to datetime
    'created_pulse': 'str',  # To convert later to datetime
    'public': 'int64',
    'adversary': 'str',
    'TLP': 'str',
    'revision': 'int64',
    'in_group': 'int64',
    'is_subscribing': 'float64',  # For possible NaN values
    'malware_family': 'str',
    'ip': 'str',
    'source_city': 'str',
    'source_country': 'str',
    'source_latitude': 'float64',
    'source_longitude': 'float64',
    'target_country': 'str',
    'target_latitude': 'float64',
    'target_longitude': 'float64',
}


loaded_df = pd.read_csv(output_file, dtype=dtype_mapping, low_memory=False)

# Verify the structure and types of the DataFrame
print(loaded_df.info())
print(loaded_df.head())


<class 'pandas.core.frame.DataFrame'>
RangeIndex: 6892660 entries, 0 to 6892659
Data columns (total 30 columns):
 #   Column                 Dtype  
---  ------                 -----  
 0   id_indicator           int64  
 1   indicator              object 
 2   type                   object 
 3   created_indicator      object 
 4   content                object 
 5   title                  object 
 6   description_indicator  object 
 7   expiration             object 
 8   is_active              int64  
 9   id_pulse               object 
 10  name                   object 
 11  description_pulse      object 
 12  author_name            object 
 13  modified               object 
 14  created_pulse          object 
 15  public                 int64  
 16  adversary              object 
 17  TLP                    object 
 18  revision               int64  
 19  in_group               int64  
 20  is_subscribing         float64
 21  malware_family         object 
 22  ip                

In [None]:
# Convert date columns to datetime format
date_columns = ['created_indicator', 'modified', 'expiration', 'created_pulse']
for col in date_columns:
    loaded_df[col] = pd.to_datetime(loaded_df[col]) 

# Verify the conversion
print(loaded_df.info())


In [29]:
# Check for missing values in the dataset
missing_values = loaded_df.isnull().sum()

# Display the columns with missing values
print("Columns with missing values:")
print(missing_values[missing_values > 0])




Columns with missing values:
indicator                      1
content                  6890484
title                    6180115
description_indicator    6290277
expiration               6853331
description_pulse        5026809
adversary                6724522
is_subscribing           6883940
dtype: int64


In [30]:
# Verify after filling or dropping missing values
print(loaded_df.isnull().sum())

id_indicator                   0
indicator                      1
type                           0
created_indicator              0
content                  6890484
title                    6180115
description_indicator    6290277
expiration               6853331
is_active                      0
id_pulse                       0
name                           0
description_pulse        5026809
author_name                    0
modified                       0
created_pulse                  0
public                         0
adversary                6724522
TLP                            0
revision                       0
in_group                       0
is_subscribing           6883940
malware_family                 0
ip                             0
source_city                    0
source_country                 0
source_latitude                0
source_longitude               0
target_country                 0
target_latitude                0
target_longitude               0
dtype: int

In [31]:
# Save the cleaned DataFrame to a new CSV file
cleaned_output_file = "enriched_data.csv"
loaded_df.to_csv(cleaned_output_file, index=False)

print(f"Optimized data saved to {cleaned_output_file}")


Optimized data saved to enriched_data.csv


In [33]:
loaded_df.iloc[0]

id_indicator                                                    3678952388
indicator                                 32788cd0818804797beb15135695e165
type                                                          FileHash-MD5
created_indicator                                      2023-05-11T07:32:46
content                                                                NaN
title                            Bdaejec, Flooder.LYI, Win32/Flooder.Agent
description_indicator    MD5 of 62958d20e3f6b262d16e5d5478c2c0d882ecec7...
expiration                                                             NaN
is_active                                                                1
id_pulse                                          645c9a033dd0e4e34e6cba8f
name                                                      Malware Bazaar 7
description_pulse                                                      NaN
author_name                                                     LoveAndren
modified                 

In [32]:
loaded_df.columns

Index(['id_indicator', 'indicator', 'type', 'created_indicator', 'content',
       'title', 'description_indicator', 'expiration', 'is_active', 'id_pulse',
       'name', 'description_pulse', 'author_name', 'modified', 'created_pulse',
       'public', 'adversary', 'TLP', 'revision', 'in_group', 'is_subscribing',
       'malware_family', 'ip', 'source_city', 'source_country',
       'source_latitude', 'source_longitude', 'target_country',
       'target_latitude', 'target_longitude'],
      dtype='object')