# Mihari Notebook
This notebook queries an existing Mihari sqlite database and loads results into a pandas dataframe for onward analysis.

To ensure queries run correctly, please ensure that your `mihari.db` instance has been updated to incorporate the additional columns required for pDNS related queries. Updated versions of this notebook can always be downloaded from https://github.com/ssnkhan/infrastructure-hunting/.


In [None]:
import sqlite3
import pandas as pd
from tabulate import tabulate


# Update with the absolute path of your mihari.db
connect = sqlite3.connect("mihari.db")
mihari = connect.cursor()


# Paste any SQL query between the backticks
results = mihari.execute('''
SELECT
    strftime("%Y-%m-%d", alerts.created_at) AS "Date",
    alerts.title AS "Alert Type",
    artifacts.data AS "IP"
FROM artifacts
INNER JOIN alerts ON alerts.id = artifacts.alert_id
ORDER BY
    "Date" DESC
''')


# Fetch and store results into a pandas dataframe
results = results.fetchall()
results_df = pd.DataFrame(results)
connect.close()


if (len(results) > 0):
    # Print results in a nice table
    headers = list(map(lambda x: x[0], mihari.description))
    print(tabulate(results, headers=headers, tablefmt="psql"))
else:
    print ("No results to display.")