forked from pixie-io/pixie
-
Notifications
You must be signed in to change notification settings - Fork 2
Home
Duck edited this page Jun 19, 2026
·
4 revisions
Welcome to the pixie wiki!
Here is a pxl to visualize the attack tree
import px
def dx_attack_graph(start_time: str, clickhouse_dsn: str, include_benign: str):
table = 'dx_attack_graph'
df = px.DataFrame(table,
clickhouse_dsn=clickhouse_dsn,
start_time=start_time)
return df[['requestor_pod', 'responder_pod',
'requestor_service', 'responder_service',
'requestor_ip', 'responder_ip',
'weight', 'max_severity', 'confidence',
'edge_kind', 'condition', 'criteria', 'num_findings',
'investigation_id']]
{
"variables": [
{
"name": "start_time",
"type": "PX_STRING",
"description": "Start time of the window.",
"defaultValue": "-15m"
},
{
"name": "clickhouse_dsn",
"type": "PX_STRING",
"description": "ClickHouse DSN: user:pass@host:port/db.",
"defaultValue": "forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db"
},
{
"name": "include_benign",
"type": "PX_STRING",
"description": "OFF by default ('false'): reads the malicious-only view so the benign firehose is NEVER pulled from ClickHouse. Set 'true' to ALSO pull benign/ruled-out investigations (heavier).",
"defaultValue": "false"
}
],
"globalFuncs": [
{
"outputName": "dx_graph",
"func": {
"name": "dx_attack_graph",
"args": [
{
"name": "start_time",
"variable": "start_time"
},
{
"name": "clickhouse_dsn",
"variable": "clickhouse_dsn"
},
{
"name": "include_benign",
"variable": "include_benign"
}
]
}
}
],
"widgets": [
{
"name": "DX Attack Graph",
"position": {
"x": 0,
"y": 0,
"w": 12,
"h": 5
},
"globalFuncOutputName": "dx_graph",
"displaySpec": {
"@type": "types.px.dev/px.vispb.Graph",
"adjacencyList": {
"fromColumn": "requestor_pod",
"toColumn": "responder_pod"
},
"edgeWeightColumn": "weight",
"edgeColorColumn": "max_severity",
"edgeLabelColumn": "edge_kind",
"edgeThresholds": {
"mediumThreshold": 3,
"highThreshold": 4
},
"edgeHoverInfo": [
"edge_kind",
"condition",
"criteria",
"weight",
"max_severity",
"confidence",
"num_findings",
"investigation_id"
],
"edgeLength": 500
}
},
{
"name": "Edges",
"position": {
"x": 0,
"y": 5,
"w": 12,
"h": 4
},
"globalFuncOutputName": "dx_graph",
"displaySpec": {
"@type": "types.px.dev/px.vispb.Table"
}
}
]
}