| Table of Contents | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Given a table with the following columns:lhub_score, description, field1, field2, field3
...
| Code Block |
|---|
createDetailsColumnForThreatGPS(table) |
Example
Input
lhub_score | lhub_ts | destIP | destPort |
|---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 |
LQL command
| Code Block |
|---|
createDetailsColumnForThreatGPS(table) |
Output
lhub_score | lhub_ts | destIP | destPort | lhub_details |
|---|---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 | {"destIP":1.1.1.1, "destPort":4010} |
Note: if the table has only two columns (lhub_score and lhub_ts), then in the output the lhub_details column is an empty JSON object ("{}").