
Matches the pattern column against the stringToMatch column and assigns tags based on a match.

...

Input

Table that contains the command lines for auto-tagging (commandsTable):

| command_line |
| --- |
| powershell.exe abc:emil user |
| cmd.exe word /progfiles |
| ls.exe -a -f -n20 |

Table that contains the patterns (patternsTable):

| pattern | tag | type |
| --- | --- | --- |
| [-/]([0-9a-z]+) | arg_%s | 1 |
| :([0-9a-z]+) | user_%s | 1 |
| ([0-9a-z]+) | purearg_%s | 1 |

LQL command

```
matchPattern(commandsTable, "command_line", patternsTable, "pattern", "tags", "type")
```

...

It should produce the following output:

| field1 | field2 |
| --- | --- |
| powershell.exe abc :emil user | {"exec":"powershell", "tags":["purearg_abc","user_emil","purearg_user"]} |
| cmd.exe word /progfiles | {"exec":"cmd", "tags":["purearg_word","arg_progfiles"]} |
| ls.exe -a -f -n20 | {"exec":"ls", "tags":["arg_a","arg_f","arg_n20"]} |
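A small Python model of the tagging shown above, added here as an illustration; it is not LQL's implementation of matchPattern. It assumes the first token is the executable, that the rest of the line is scanned left to right with the patterns tried in table order (first match wins), and it carries the `type` column without interpreting it because the page does not define it. The name `tag_command` is hypothetical.

```python
import re

# Rows of patternsTable from the page, in table order: (pattern, tag, type).
PATTERNS = [
    (r"[-/]([0-9a-z]+)", "arg_%s", 1),
    (r":([0-9a-z]+)", "user_%s", 1),
    (r"([0-9a-z]+)", "purearg_%s", 1),
]

# Rows of commandsTable from the page.
COMMANDS = [
    "powershell.exe abc:emil user",
    "cmd.exe word /progfiles",
    "ls.exe -a -f -n20",
]


def tag_command(command_line, patterns=PATTERNS):
    """Return {"exec": ..., "tags": [...]} for one command line (assumed semantics)."""
    parts = command_line.split(None, 1)
    if not parts:
        return {"exec": "", "tags": []}
    # Assumption: "exec" is the first token with its extension removed.
    exec_name = parts[0].rsplit(".", 1)[0]
    rest = parts[1] if len(parts) > 1 else ""
    compiled = [(re.compile(p), tag) for p, tag, _type in patterns]

    tags, pos = [], 0
    while pos < len(rest):
        for rx, tag in compiled:
            m = rx.match(rest, pos)  # anchored at the current position
            if m and m.end() > pos:
                tags.append(tag % m.group(1))  # fill %s with capture group 1
                pos = m.end()
                break
        else:
            pos += 1  # no pattern starts here (e.g. a space): skip one character
    return {"exec": exec_name, "tags": tags}


if __name__ == "__main__":
    for line in COMMANDS:
        print(line, "->", tag_command(line))
```

In this model the page's patterns match only lowercase characters and digits, so a mixed-case argument such as `-EncodedCommand` is split into fragment tags unless the command line is lowercased first or the character classes are widened.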