This operator is built primarily for Threat GPS. Given a log (table), it identifies the type of log (label). For example, assume that you have multiple playbooks, each of which analyzes a different data type (such as GitHub, CloudTrail, and Windows events). Given a new log, this operator categorizes it so that the correct playbook can be run to analyze the data.
...