Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Given a table with the following columns:
lhub_score, description, field1, field2, field3

return a table with the following colums:
lhub_score, description, lhub_details

where lhub_details is a JSON object that contains thefield1, field2, field3 columns.

Example:
lhub_details = {"field1":"value1", "field2":"value2", "field3":"value3"}

The table must have lhub_score and lhub_ts columns.

Operator Usage in Easy Mode

  1. Click + on the parent node.
  2. Enter the Create Details Column for Threat GGPS operator in the search field and select the operator from the results to open the operator form.
  3. In the Input Table drop-down, enter or select the table containing the data to run this operator on.
  4. Click Run to view the result.
  5. Click Save to add the operator to the playbook.
  6. Click Cancel to discard the operator form.

Usage Details

LQL Command

createDetailsColumnForThreatGPS(table)

Example

Input

lhub_score lhub_ts destIP destPort
1.0121.1.1.14010

LQL command

createDetailsColumnForThreatGPS(table)

Output

lhub_score lhub_ts destIP destPort lhub_details
1.0121.1.1.14010{"destIP":1.1.1.1, "destPort":4010}

Note: if the table has only two columns (lhub_score and lhub_ts), then in the output the lhub_details column is an empty JSON object ("{}").

  • No labels