URLSummary Notebooklet class.
Queries and displays information about a URL including:
- Domain and IP Whois Information
- Threat Intelligence Results
- TLS Certificates used by the Domain
- Data about where URL appears in the environment.
Default Options
- ti: Displays TI results for the URL.
- whois: Display a summary of the URL.
- ip_record: Display a summary of the IP address the URL resolves to.
- cert: Display a summary of TLS certs used by the URL.
- alerts: Displays a DataFrame of all alerts associated with the URL.
- bookmarks: Displays a DataFrame of all bookmarks associated with the URL.
- dns: Displays a DataFrame of all DNS events associated with the URL.
- hosts: Displays a DataFrame of all hosts associated with the URL.
Other Options
- screenshot: Capture and display a screenshot of the URL.
This shows an overview of the URL in question, including a large number of contextual items. It shows an overview of WhoIs information related to the URL, Threat Intelligence provider results for the URL, and details of TLS certificates associated with the URL. In addition, this section shows a selection of data from the environment where the URL is present, including DNS lookup events, alerts and bookmarks referencing the URL, and network traffic to the URL.
Each marker on the timeline indicates one or more alerts related to the URL.
URL Details Results.
- summary : msticpy.datamodel.entities.Host
A summary of the URL provided.
- domain_record : pd.DataFrame
WhoIs data related to the domain.
- cert_details : pd.DataFrame
Details of TLS certificates used (if any).
- ip_record : pd.DataFrame
Details of the IP Address associated with the URL.
- related_alerts : pd.DataFrame
Any alerts referencing the URL.
- bookmarks : pd.DataFrame
Any bookmarks referencing the URL.
- hosts : List
A list of host names seen communicating with the URL.
- flows : pd.DataFrame
Details of network flows associated with the URL.
- flow_graph : LayoutDOM
A timeline plot showing network traffic volumes to the URL.
__init__
Initialize a new instance of the notebooklet class.
Return alert browser/viewer.
Return host summary data.
Display the alert timeline.
Check to see if the table exists in the provider.
Check that the result is valid and attrib contains data.
Return methods available for this class.
Return Pivot-wrappable run function.
Return data provider for the specified name.
Return list of methods with descriptions.
Run the notebooklet function and return the results.
Run all notebooklet functions defined for the notebooklet.
Add a notebooklet function to the class.
Return supported options for Notebooklet run function.
Return default options for Notebooklet run function.
Return description of the Notebooklet.
Entity types supported by the notebooklet.
Return HTML document for class.
Print or return metadata for class.
Import the text of this module into a new cell.
Return search keywords for Notebooklet.
Return options document for Notebooklet run function.
Search class definition for search_terms.
Return name of the Notebooklet.
Print options for Notebooklet run function.
result [property] Return result of the most recent notebooklet run.
Display Documentation for class.
silent [property] Get the current instance setting for silent running.
Return URL summary data.
- value : str
The URL
- data : Optional[pd.DataFrame], optional
Not used, by default None
- timespan : TimeSpan
Timespan over which operations such as queries will be performed, by default None. This can be a TimeStamp object or another object that has valid start, end, or period attributes.
- options : Optional[Iterable[str]], optional
List of options to use, by default None. A value of None means use default options. Options prefixed with "+" will be added to the default options. To see the list of available options, type help(cls), where "cls" is the notebooklet class or an instance of this class.
- start : Union[datetime, datelike-string]
Alternative to specifying timespan parameter.
- end : Union[datetime, datelike-string]
Alternative to specifying timespan parameter.
- HostSummaryResult
Result object with attributes for each result type.
- MsticnbMissingParameterError
If required parameters are missing
- ti: Displays TI results for the URL
- whois: Display a summary of the URL
- ip_record: Display a summary of the IP address the URL resolves to
- cert: Display a summary of TLS certs used by the URL.
- alerts: Displays a DataFrame of all alerts associated with the URL
- bookmarks: Displays a DataFrame of all bookmarks associated with the URL
- dns: Displays a DataFrame of all DNS events associated with the URL
- hosts: Displays a DataFrame of all hosts associated with the URL
None
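The run parameters and result attributes documented above, put together as an added example (not code from msticnb): a triage helper that calls run() with start/end and "+"-prefixed options, then counts rows in each result attribute. The names triage_url, RESULT_ATTRS and StubNotebooklet are hypothetical; the stub is a constructed stand-in so the block runs offline, and in a notebook you would pass an initialized URLSummary instance instead.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace
from urllib.parse import urlsplit

# Result attributes listed under "URL Details Results" on this page.
RESULT_ATTRS = ("domain_record", "cert_details", "ip_record",
                "related_alerts", "bookmarks", "hosts", "flows")


def _rows(obj):
    """Row/item count; None or an unsized object counts as no data."""
    try:
        return len(obj)
    except TypeError:
        return 0


def triage_url(nblt, url, days=7, extra_options=(), now=None):
    """Run a URLSummary-style notebooklet and count rows per result attribute."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    end = now or datetime.now(timezone.utc)
    # "+" keeps the default options and adds to them; None means defaults only.
    options = [f"+{opt}" for opt in extra_options] or None
    result = nblt.run(value=url, start=end - timedelta(days=days), end=end,
                      options=options)
    return {attr: _rows(getattr(result, attr, None)) for attr in RESULT_ATTRS}


class StubNotebooklet:
    """Constructed stand-in for URLSummary so the example runs offline."""

    def run(self, **kwargs):
        self.last_call = kwargs  # recorded so the call can be inspected
        # Constructed sample results; real runs return DataFrames and lists.
        return SimpleNamespace(related_alerts=[{"AlertName": "constructed"}],
                               hosts=["host-a", "host-b"], bookmarks=None)


if __name__ == "__main__":
    stub = StubNotebooklet()
    counts = triage_url(stub, "https://example.test/login",
                        extra_options=["screenshot"])
    print(stub.last_call["options"], counts)
```

Attributes with a zero count were either not requested in the options or returned no data for the time range.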