Score events according to their randomness based on the Shannon entropy of the string value of the specified column. Higher scores are given to more random strings. If a string contains no duplicate characters, it gets the highest score. Strings with duplicate characters get lower scores.

Operator Usage in Easy Mode

  1. Click + on the parent node.
  2. Enter the Score by Randomness operator in the search field and select the operator from the Results to open the operator form.
  3. In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
  4. In the Column drop-down, enter or select a column from which the score will be computed.
  5. Click Run to view the result.
  6. Click Save to add the operator to the playbook.
  7. Click Cancel to discard the operator form.

Usage Details

LQL Command

scoreByRandomness(table, column)

...

Output
The input table with an additional lhub_score column containing the score. The score reflects the randomness (Shannon entropy) of the string.

Example

Input
table

id  password
1   axbyze@#fa23
2   aaaaaa

...
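The following Python sketch is an added example, not the operator's own code. It computes a Shannon entropy score for the two rows of the input table above plus two constructed rows. The function names and the normalization by log2(length) are assumptions; the page does not show the scale that lhub_score uses.

```python
import math
from collections import Counter


def shannon_entropy(value: str) -> float:
    """Shannon entropy of the character distribution, in bits per character."""
    if not value:
        return 0.0
    n = len(value)
    # H = sum(p * log2(1/p)) over distinct characters, with p = count / n
    return sum((c / n) * math.log2(n / c) for c in Counter(value).values())


def normalized_score(value: str) -> float:
    """Entropy divided by the maximum possible for this length, log2(len).

    Assumption: this is one way to make "no duplicate characters" the top
    score (1.0); the operator's actual scale is not shown on the page.
    """
    if len(value) < 2:
        return 0.0
    return shannon_entropy(value) / math.log2(len(value))


def score_table(rows, column, score_column="lhub_score"):
    """Return copies of the rows with an added score column."""
    scored = []
    for row in rows:
        value = row.get(column)
        text = "" if value is None else str(value)  # missing value scores 0
        scored.append({**row, score_column: round(normalized_score(text), 4)})
    return scored


# First two rows are from the page's input table; the rest are constructed.
ROWS = [
    {"id": 1, "password": "axbyze@#fa23"},
    {"id": 2, "password": "aaaaaa"},
    {"id": 3, "password": "abcdef"},  # constructed: no repeated characters
    {"id": 4, "password": None},      # constructed: missing value
]

if __name__ == "__main__":
    for row in score_table(ROWS, "password"):
        print(row)
```

Under this normalization a short string with no repeats, such as "ab", also scores 1.0, so a minimum-length filter is worth applying before treating a high score as a signal.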