forked from pixie-io/pixie
-
Notifications
You must be signed in to change notification settings - Fork 2
Home
Duck edited this page Jun 18, 2026
·
2 revisions
Welcome to the pixie wiki!
Here is a pxl to visualize the attack tree
import px
def dx_attack_graph(start_time: str, investigation_id: str, clickhouse_dsn: str):
df = px.DataFrame('dx_attack_graph', clickhouse_dsn=clickhouse_dsn, start_time=start_time)
df = df[df.investigation_id == investigation_id]
return df[['requestor_pod', 'responder_pod', 'requestor_service', 'responder_service',
'requestor_ip', 'responder_ip', 'weight', 'max_severity', 'confidence',
'edge_kind', 'condition', 'criteria', 'num_findings']]
{
"variables": [
{"name": "start_time", "type": "PX_STRING", "defaultValue": "-2d"},
{"name": "investigation_id", "type": "PX_STRING", "defaultValue": "log4shell-6a32ea57"},
{"name": "clickhouse_dsn", "type": "PX_STRING", "defaultValue": "forensic_analyst:changeme-analyst@clickhouse-forensic-soc-db.clickhouse.svc.cluster.local:9000/forensic_db"}
],
"widgets": [
{
"name": "DX Attack Graph",
"position": {"x": 0, "y": 0, "w": 12, "h": 5},
"func": {
"name": "dx_attack_graph",
"args": [
{"name": "start_time", "variable": "start_time"},
{"name": "investigation_id", "variable": "investigation_id"},
{"name": "clickhouse_dsn", "variable": "clickhouse_dsn"}
]
},
"displaySpec": {
"@type": "types.px.dev/px.vispb.Graph",
"adjacencyList": {"fromColumn": "requestor_pod", "toColumn": "responder_pod"},
"edgeWeightColumn": "weight",
"edgeColorColumn": "max_severity",
"edgeHoverInfo": ["weight", "max_severity", "confidence", "edge_kind", "condition", "criteria", "num_findings"],
"edgeLength": 500
}
}
]
}