...
Score events according to their randomness based on the Shannon entropy of the string value of the specified column. Higher scores are given to more random strings. If a string contains no duplicate characters, it gets the highest score. Strings with duplicate characters get lower scores.
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Score by Randomness operator in the search field and select the operator from the Results to open the operator form.
- In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
- In the Column drop-down, enter or select a column from which the score will be computed.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Usage Details
LQL Command
Code Block |
---|
scoreByRandomness(table, column) |
...
Output
The input table with an additional lhub_score column containing the score. The score reflects the randomness (Shannon) of a string.
Example
Input
table
id | password |
---|---|
1 | axbyze@#fa23 |
2 | aaaaaa |
...