Given a table with the following columns: lhub_score, description, field1, field2, field3, return a table with the following columns: lhub_score, description, lhub_details, where lhub_details is a JSON object that contains the field1, field2, field3 columns.
Example:
lhub_details = {"field1":"value1", "field2":"value2", "field3":"value3"}
The table must have lhub_score and lhub_ts columns.
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Create Details Column for ThreatGPS operator name in the search field and select the operator from the results to open the operator form.
- In the Input Table drop-down, enter or select the table containing the data to run this operator on.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Usage Details
LQL Command
createDetailsColumnForThreatGPS(table)
Example
Input
lhub_score | lhub_ts | destIP | destPort |
---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 |
LQL command
createDetailsColumnForThreatGPS(table)
Output
lhub_score | lhub_ts | destIP | destPort | lhub_details |
---|---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 | {"destIP":1.1.1.1, "destPort":4010} |
Note: if the table has only two columns (lhub_score and lhub_ts), then in the output the lhub_details column is an empty JSON object ("{}").
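
The transformation described above, sketched in Python as an added example (this is not the operator's own implementation). It assumes the behaviour shown in the Input/Output tables: every column other than lhub_score and lhub_ts is copied into lhub_details and the original columns are kept, with string values quoted so the result parses as JSON. The function name and sample rows are constructed for illustration.

```python
import json

# Columns the page says the input table must have; they stay out of lhub_details.
REQUIRED = ("lhub_score", "lhub_ts")
# Assumption: a pre-existing lhub_details column is overwritten, not nested.
EXCLUDED = REQUIRED + ("lhub_details",)


def create_details_column(rows):
    """Return copies of the rows with an added lhub_details JSON string."""
    out = []
    for i, row in enumerate(rows):
        missing = [c for c in REQUIRED if c not in row]
        if missing:
            raise ValueError(f"row {i} is missing required column(s): {missing}")
        # Everything that is not a required column goes into the details object.
        details = {k: v for k, v in row.items() if k not in EXCLUDED}
        new_row = dict(row)  # copy so the input table is not mutated
        # default=str keeps non-JSON types (e.g. datetimes) from raising.
        new_row["lhub_details"] = json.dumps(details, default=str)
        out.append(new_row)
    return out


# Constructed sample rows: the first mirrors the Input table above,
# the second is the two-column case from the note.
SAMPLE = [
    {"lhub_score": 1.0, "lhub_ts": 12, "destIP": "1.1.1.1", "destPort": 4010},
    {"lhub_score": 0.5, "lhub_ts": 13},
]

if __name__ == "__main__":
    for r in create_details_column(SAMPLE):
        print(r)
```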