Skip to content

Instantly share code, notes, and snippets.

@rkreddyp

rkreddyp/security_review_rootactivity.py

Created February 12, 2019 18:08
Show Gist options
  • Save rkreddyp/10f1c889c4719ad66a86f0deb3725bae to your computer and use it in GitHub Desktop.
Save rkreddyp/10f1c889c4719ad66a86f0deb3725bae to your computer and use it in GitHub Desktop.
Download ZIP
Raw
security_review_rootactivity.py
eventdf = oeventdf.copy()
print (eventdf.columns)
eventdf.userIdentity= eventdf.userIdentity.astype(str)
eventdf = eventdf [eventdf.userIdentity.str.contains("Root")]
eventdf = eventdf [['EventSource', 'EventName', 'Username', 'EventTime', 'sourceIPAddress']]
eventdf = eventdf.groupby( ['EventTime', "EventSource","Username", 'sourceIPAddress'] )['EventName'].agg(','.join).reset_index(name='Eventnames')
sdf.to_csv("/tmp/rootactivity.csv")
link = lib_helpers.take_uploadfilename_return_link("rootactivity.csv", "rootactivity.csv")
display (md("##### Download the csv of the below table [here]({link})".format(link=link) ) )
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment