View Source

Description

Adds a new column that returns the Shannon entropy of a given string.

How does it work in the search window?

Select Create field in the search window toolbar, then select the Shannon entropy operation. You need to specify one argument:

Argument	Data type
String ^mandatory	string

The data type of the values in the new field is float.

Example

In the siem.logtrust.web.activity table, we want to create a new field that calculates the Shannon entropy of the strings in our userid field. To do this, we will create a new field using the Shannon entropy operation.

The arguments needed to create the new column are:

String - userid field

Devo latest > Shannon entropy (shannonentropy) > 10_shannonentropy.png

Click Create field and you will see the following result:

Devo latest > Shannon entropy (shannonentropy) > 20_shannonentropy.png

How does it work in LINQ?

Use the operator select... as... and add the operation syntax to create the new column. This is the syntax for the Shannon entropy operation:

shannonentropy(string)

Example

You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table.

from siem.logtrust.web.activity
  select shannonentropy(userid) as shannonentropy_userid