Ashfall is a lightweight log analyzer that detects anomalies and visualizes them with heatmaps. It transforms raw logs into actionable insights, highlighting unusual patterns in processes and actions.

• Automatic delimiter detection - works with common CSV/TSV-style logs.
• Data audit - quick summary of shape, types, nulls, duplicates, constants.
• Anomaly detection - uses Isolation Forest on numeric columns to flag outliers.
• Top anomalous processes - aggregates unusual behavior by process name (Basename).
• Heatmap visualization - Basename x ActionId anomalies in a red-shaded matrix.
• Exports results - anomalies and summary tables as CSV files.

Requires Python 3.9+.

Clone or copy ashfall.py into your working directory.

• If no file is specified, defaults to processlasso.log.
• Outputs analysis to console, displays a heatmap, and writes CSV results next to the input file.

1. Console Audit

   • Shape, dtypes, null percentages, duplicates, constants.
   • Anomaly rate and top anomalous processes.

2. CSV Files

   • _anomalies.csv - rows flagged as anomalous.
   • _summary.csv - aggregated anomaly counts by process.

3. Heatmap

   • Matrix of anomalies by Basename x ActionId, red intensity indicates anomaly density.

Output:

• system_events_anomalies.csv
• system_events_summary.csv
• Heatmap figure displayed inline.

• Only numeric columns are used for anomaly detection.
• If no numeric data exists, anomalies default to 0.
• Designed for process-level log analysis, but adaptable to other structured log sources.