Fixed minor issues around result formats (#198)

Co-authored-by: Ian Hellen <ianhelle@microsoft.com>
Azure · Aug 11, 2023 · 4e09def · 4e09def
1 parent 813c7b8
commit 4e09def
Showing 1 changed file with 7 additions and 9 deletions.
diff --git a/Guided Investigation - Incident Triage.ipynb b/Guided Investigation - Incident Triage.ipynb
@@ -71,6 +71,7 @@
     "from msticpy.common.exceptions import MsticpyAzureConfigError\n",
     "from msticpy.common.pkg_config import get_config\n",
     "from msticpy.vis.timeline import display_timeline\n",
+    "from msticpy.vis.entity_graph_tools import EntityGraph\n",
     "\n",
     "display(HTML(\"<h3>Starting Notebook setup...</h3>\"))\n",
     "\n",
@@ -358,7 +359,7 @@
     "            <b>Status: </b> {incident['status']}\n",
     "            \"\"\"\n",
     "    new_idx = [idx.split(\".\")[-1] for idx in incident.index]\n",
-    "    incident.set_axis(new_idx, copy=False)\n",
+    "    incident = incident.set_axis(new_idx)\n",
     "    return (HTML(details),pd.DataFrame(incident))\n",
     "\n",
     "\n",
@@ -460,24 +461,21 @@
     "    i += 1\n",
     "    prog.update_progress(i)\n",
     "    if ent[0] == \"Ip\":\n",
-    "        resp = ti.lookup_ioc(observable=ent[1][\"address\"], ioc_type=\"ipv4\")\n",
+    "        resp = ti.lookup_ioc(ent[1][\"address\"], ioc_type=\"ipv4\")\n",
     "        result_dfs.append(ti.result_to_df(resp))\n",
-    "        for response in resp[1]:\n",
-    "            sev.append(response[1].severity)\n",
+    "        sev.append(resp[\"Severity\"].unique().tolist())\n",
     "    if ent[0] == \"Url\" or ent[0] == \"DnsResolution\":\n",
     "        if \"url\" in ent[1]:\n",
     "            lkup_dom = ent[1][\"url\"]\n",
     "        else:\n",
     "            lkup_dom = ent[1][\"domainName\"]\n",
     "        resp = ti.lookup_ioc(lkup_dom, ioc_type=\"url\")\n",
     "        result_dfs.append(ti.result_to_df(resp))\n",
-    "        for response in resp[1]:\n",
-    "            sev.append(response[1].severity)\n",
+    "        sev.append(resp[\"Severity\"].unique().tolist())\n",
     "    if ent[0] == \"FileHash\":\n",
     "        resp = ti.lookup_ioc(ent[1][\"hashValue\"])\n",
     "        result_dfs.append(ti.result_to_df(resp))\n",
-    "        for response in resp[1]:\n",
-    "            sev.append(response[1].severity)\n",
+    "        sev.append(resp[\"Severity\"].unique().tolist())\n",
     "    if result_dfs:\n",
     "        resps = pd.concat(result_dfs)\n",
     "    else:\n",
@@ -549,7 +547,7 @@
     "    for ip_addr in resps[resps[\"IocType\"] == \"ipv4\"][\"Ioc\"].unique():\n",
     "        folium_map = FoliumMap(width=\"50%\", height=\"50%\")\n",
     "        try:\n",
-    "            display(HTML(f\"<h2>Summary of Activity Related to{ip_addr}:</h2>\"))\n",
+    "            display(HTML(f\"<h2>Summary of Activity Related to {ip_addr}:</h2>\"))\n",
     "            ip_ent_nb_out = ip_ent_nb.run(value=ip_addr, timespan=timespan, silent=True)\n",
     "            md(\n",
     "                f\"{ip_addr} - {ip_ent_nb_out.ip_origin} - {ip_ent_nb_out.ip_type}\",\n",