Table of Contents | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Score a given table based on how frequently a unique group of the specified columns occurs. Higher scores are given to less frequent occurrences. The output table adds an additional lhub_score
column that contains the score.
...
Output
The input table with an additional lhub_score
column that contains the score [0.0 - 10.0]. Less frequently occurring groups get higher scores.
Example
Input
table
id | destIP | destPort |
---|---|---|
1 | 192.68.0.1 | 3250 |
2 | 192.68.0.1 | 3250 |
3 | 192.68.0.1 | 3250 |
4 | 53.32.124.8 | 7458 |
5 | 192.68.0.1 | 3250 |
6 | 192.68.0.1 | 3250 |
LQL command
Code Block |
---|
scoreByLeastFrequency(table, "destIP", "destPort") |
Output
id | destIP | destPort | lhub_score |
---|---|---|---|
1 | 192.68.0.1 | 3250 | 0.0 |
2 | 192.68.0.1 | 3250 | 0.0 |
3 | 192.68.0.1 | 3250 | 0.0 |
4 | 53.32.124.8 | 7458 | 10.0 |
5 | 192.68.0.1 | 3250 | 0.0 |
6 | 192.68.0.1 | 3250 | 0.0 |