# PANDAS

pandas is an open source, BSD-licensed library providing high-performance, easy-to-use data structures and data analysis tools for the Python programming language.

In [1]:
import numpy as np
import pandas as pd

In [2]:
# create a pandas series
s = pd.Series([1, 3, 5, np.nan, 6, 7])

In [3]:
s

0    1.0
1    3.0
2    5.0
3    NaN
4    6.0
5    7.0
dtype: float64

In [4]:
s.shape

(6,)

In [5]:
# create a range of dates, date provided is start date, periods increments by day
dates = pd.date_range('20130101', periods=6)
print(dates)

DatetimeIndex(['2013-01-01', '2013-01-02', '2013-01-03', '2013-01-04',
               '2013-01-05', '2013-01-06'],
              dtype='datetime64[ns]', freq='D')


In [6]:
# create a dataframe from random data using the dates variable created earlier as the index
df = pd.DataFrame(np.random.randn(6, 4), index=dates, columns=list('ABCD'))
print (df)

                   A         B         C         D
2013-01-01 -0.839755  0.676242  0.102106  1.257492
2013-01-02 -0.164442  0.006922  1.024605 -0.563736
2013-01-03 -0.587786 -0.779490  0.588123 -0.571965
2013-01-04 -0.980953 -1.767664  1.269346 -0.618362
2013-01-05 -1.021459  0.473618 -0.589531  0.578117
2013-01-06  0.561211 -0.366763  1.074911 -2.474800


In [7]:
df.head(2) # get first 2 records, default is 5

Unnamed: 0,A,B,C,D
2013-01-01,-0.839755,0.676242,0.102106,1.257492
2013-01-02,-0.164442,0.006922,1.024605,-0.563736


In [8]:
df.tail(2) # get last 2 records, default is 5

Unnamed: 0,A,B,C,D
2013-01-05,-1.021459,0.473618,-0.589531,0.578117
2013-01-06,0.561211,-0.366763,1.074911,-2.4748


In [9]:
df.index # view indexs

DatetimeIndex(['2013-01-01', '2013-01-02', '2013-01-03', '2013-01-04',
               '2013-01-05', '2013-01-06'],
              dtype='datetime64[ns]', freq='D')

In [10]:
df.columns # view available columns

Index(['A', 'B', 'C', 'D'], dtype='object')

In [11]:
df.B # view specific columns

2013-01-01    0.676242
2013-01-02    0.006922
2013-01-03   -0.779490
2013-01-04   -1.767664
2013-01-05    0.473618
2013-01-06   -0.366763
Freq: D, Name: B, dtype: float64

In [12]:
df.describe() # inspect dataset

Unnamed: 0,A,B,C,D
count,6.0,6.0,6.0,6.0
mean,-0.505531,-0.292856,0.57826,-0.398876
std,0.610731,0.898202,0.70909,1.273801
min,-1.021459,-1.767664,-0.589531,-2.4748
25%,-0.945654,-0.676308,0.22361,-0.606763
50%,-0.71377,-0.179921,0.806364,-0.567851
75%,-0.270278,0.356944,1.062335,0.292654
max,0.561211,0.676242,1.269346,1.257492


In [13]:
df.T # transpose

Unnamed: 0,2013-01-01 00:00:00,2013-01-02 00:00:00,2013-01-03 00:00:00,2013-01-04 00:00:00,2013-01-05 00:00:00,2013-01-06 00:00:00
A,-0.839755,-0.164442,-0.587786,-0.980953,-1.021459,0.561211
B,0.676242,0.006922,-0.77949,-1.767664,0.473618,-0.366763
C,0.102106,1.024605,0.588123,1.269346,-0.589531,1.074911
D,1.257492,-0.563736,-0.571965,-0.618362,0.578117,-2.4748


In [14]:
df.sort_index(axis=1, ascending=False) # sort by axis

Unnamed: 0,D,C,B,A
2013-01-01,1.257492,0.102106,0.676242,-0.839755
2013-01-02,-0.563736,1.024605,0.006922,-0.164442
2013-01-03,-0.571965,0.588123,-0.77949,-0.587786
2013-01-04,-0.618362,1.269346,-1.767664,-0.980953
2013-01-05,0.578117,-0.589531,0.473618,-1.021459
2013-01-06,-2.4748,1.074911,-0.366763,0.561211


# ingest excel files

In [15]:
xl = pd.read_excel("./docs/exampleexcel.xlsx")

In [16]:
xl

Unnamed: 0,Example column 1,Example column 2,Example column three,Example column 4
0,Text value 1,4,4.6,2019-09-03
1,Text value 2,5,5.2,2019-03-05
2,Text value 3,2,7.8,2018-05-04
3,Text value 4,8,5.9,2017-05-07
4,Text value 5,9,3.5,2016-12-09
5,Text value 6,4,2.5,2019-02-01
6,Text value 7,8,7.8,2019-04-03
7,Text value 8,0,9.6,2019-05-02
8,Text value 9,3,10.5,2018-02-01


In [17]:
xl.head()

Unnamed: 0,Example column 1,Example column 2,Example column three,Example column 4
0,Text value 1,4,4.6,2019-09-03
1,Text value 2,5,5.2,2019-03-05
2,Text value 3,2,7.8,2018-05-04
3,Text value 4,8,5.9,2017-05-07
4,Text value 5,9,3.5,2016-12-09


In [18]:
xl['Example column three'].describe()

count     9.000000
mean      6.377778
std       2.727534
min       2.500000
25%       4.600000
50%       5.900000
75%       7.800000
max      10.500000
Name: Example column three, dtype: float64

In [19]:
xl['Example column 2'] = xl['Example column 2'] * 2

In [20]:
xl.head()

Unnamed: 0,Example column 1,Example column 2,Example column three,Example column 4
0,Text value 1,8,4.6,2019-09-03
1,Text value 2,10,5.2,2019-03-05
2,Text value 3,4,7.8,2018-05-04
3,Text value 4,16,5.9,2017-05-07
4,Text value 5,18,3.5,2016-12-09


# bro log analysis

imngest weird.log

In [21]:
df = pd.read_csv("./docs/weird.log", 
                 sep='\t', 
                 names=['ts', 'uid', 'id.orig_h', 'id.orig_p', 'id.resp_p', 'name', 'addl', 'notice', 'peer'])

In [22]:
df.head()

Unnamed: 0,ts,uid,id.orig_h,id.orig_p,id.resp_p,name,addl,notice,peer
1331901000.0,-,-,-,-,-,unknown_protocol_88,-,F,bro
1331901000.0,-,-,-,-,-,unknown_packet_type,-,F,bro
1331901000.0,-,-,-,-,-,truncated_IP,-,F,bro
1331901000.0,CFmfPp4lcYsETNSogj,192.168.202.79,50778,192.168.229.251,80,unescaped_special_URI_char,-,F,bro
1331901000.0,CiYIRv2E6wmEieDlz3,192.168.202.79,50844,192.168.229.251,80,unescaped_special_URI_char,-,F,bro


In [23]:
df.describe()

Unnamed: 0,ts,uid,id.orig_h,id.orig_p,id.resp_p,name,addl,notice,peer
count,65983,65983,65983,65983,65983,65983,65983,65983,65983
unique,51652,222,25773,280,184,50,126,1,1
top,-,192.168.202.102,135,192.168.24.101,80,unescaped_special_URI_char,-,F,bro
freq,457,23765,637,16041,46163,35017,65118,65983,65983


In [24]:
df_clean = df.replace({'-': None})
df_clean.head()

Unnamed: 0,ts,uid,id.orig_h,id.orig_p,id.resp_p,name,addl,notice,peer
1331901000.0,,,,,,unknown_protocol_88,,F,bro
1331901000.0,,,,,,unknown_packet_type,,F,bro
1331901000.0,,,,,,truncated_IP,,F,bro
1331901000.0,CFmfPp4lcYsETNSogj,192.168.202.79,50778.0,192.168.229.251,80.0,unescaped_special_URI_char,,F,bro
1331901000.0,CiYIRv2E6wmEieDlz3,192.168.202.79,50844.0,192.168.229.251,80.0,unescaped_special_URI_char,,F,bro


In [25]:
#DataFrame with data types
data_types = pd.DataFrame(df_clean.dtypes, columns=['Data Type'])

#DataFrame with Count
data_count = pd.DataFrame(df_clean.count(), columns=['Count'])

#DataFrame with unique values
unique_value_counts = pd.DataFrame(columns=['Unique Values'])
for v in list(df_clean.columns.values):
    unique_value_counts.loc[v] = [df_clean[v].nunique()]

missing_data_counts = pd.DataFrame(df_clean.isnull().sum(), columns=['Missing Values'])
data_quality_report = data_types.join(data_count).join(unique_value_counts).join(missing_data_counts)
print('Data Quality Report')
data_quality_report

Data Quality Report


Unnamed: 0,Data Type,Count,Unique Values,Missing Values
ts,object,65526,51651,457
uid,object,65526,221,457
id.orig_h,object,65526,25772,457
id.orig_p,object,65526,279,457
id.resp_p,object,65526,183,457
name,object,65983,50,0
addl,object,865,125,65118
notice,object,65983,1,0
peer,object,65983,1,0
