...
Output
A score table where each score is set only if a score has been assigned manually.
Example
Input
table with f1, f2, f3 columns
...
| Code Block |
|---|
scoreManually(table, ["f1", "f2"], 5.0) -- will score table and will set score to 5.0 for each of the rows, when the score is changed in the row, then it will create a rule for f1, f2 => that score scoreManually(table, ["f1", "f2"]) -- will score table and will set empty score (null) for each of the rows, when the score is changed in the row, then it will create a rule for f1, f2 => that score scoreManually(table, [], 5.0) -- will score table and will set score to 5.0 for each of the rows, when the score is changed in the row, then it will create a rule for f1, f2, f3 => that score -- for each of above examples you can change the scores for each of the rows in the table by clickick lhub_score cell of that row and from drop down menu assign a score. |
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Score Manually operator in the search field and select the operator from the Results to open the operator form.
- In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
- In the Columns drop-down, enter or select a list of columns to group events by.
- Optional. In the Default Score, enter a value.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
...