Interactive process tree visualization widget for security and forensics analysis in marimo notebooks

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for cauchy from gravatar.com cauchy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Kyrre Wahl Kongsgård
  • Requires: Python >=3.12
Report project as malware

Project description

process-tree-widget

An interactive process tree visualization widget for security and forensics analysis, built for marimo notebooks using the anywidget framework.

Please refer to this blog post for background and context.

Process Tree Visualization

Overview

The widget ingests OS process telemetry from two sources:

  • MDE (Microsoft Defender for Endpoint) ProcessCreated events
  • Volatility pstree memory forensics output

Both are normalized to a common ASIM schema, assembled into a tree structure, and rendered as an interactive D3-backed visualization with expand/collapse, zoom, right-click context menu, and an optional time-range filter.

JavaScript rendering

The widget uses a vendored copy of DependenTree (located in js/dependentree/) for the D3 tree layout, bundled directly by esbuild — no CDN fetch at runtime.

Development setup

Python:

uv venv --python 3.12
uv sync
source .venv/bin/activate

JavaScript:

npm install
npm run dev   # watches js/ (including js/dependentree/) and rebuilds on change

Demo notebook:

marimo edit notebooks/demo_mde.py
# or
marimo edit notebooks/demo_vol.py

Build commands

npm run build    # bundle js/ → src/process_tree_widget/static/ (esbuild, ESM, minified)
npm run dev      # same with inline sourcemaps + watch mode
uv build         # full Python package build (triggers npm run build via hatch-jupyter-builder)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for cauchy from gravatar.com cauchy

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Kyrre Wahl Kongsgård
  • Requires: Python >=3.12

Release history Release notifications | RSS feed

0.1.8

0.1.7

0.1.6

0.1.4

This version

0.1.3

0.1.2

0.1.1

0.1.0

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

process_tree_widget-0.1.3.tar.gz (133.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

process_tree_widget-0.1.3-py3-none-any.whl (136.2 kB view details)

Uploaded Python 3

File details

Details for the file process_tree_widget-0.1.3.tar.gz.

File metadata

  • Download URL: process_tree_widget-0.1.3.tar.gz
  • Upload date:
  • Size: 133.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.7

File hashes

Hashes for process_tree_widget-0.1.3.tar.gz
Algorithm Hash digest
SHA256 45c5b83cae9414b95eb4d64991f28ed576bc9df1a358c4a5b4021414f6fc96ed
MD5 d90513766d5a0222b47e9f067cfa2ed5
BLAKE2b-256 24c2d6cabc0232a7e3abd3e502cf6a23c3329f9c158d26d0352d1ca2b5a62410

See more details on using hashes here.

File details

Details for the file process_tree_widget-0.1.3-py3-none-any.whl.

File metadata

File hashes

Hashes for process_tree_widget-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 078ccc5792a08ea1298c7dfee7ba1c9b631f4a937dc9b36d0008257317dfcb07
MD5 e7c8f02ce84b4be84cbef77481d199ae
BLAKE2b-256 7c9d06a70c62d07bb9c9ddb4947b1ccc82a2a2c6fba25c6e799864fa2597ddab

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page