createDetailsColumnForThreatGPS
Given a table with the following columns: lhub_score, description, field1, field2, field3, return a table with the following columns: lhub_score, description, lhub_details, where lhub_details is a JSON object that contains the field1, field2, field3 columns.
Example: lhub_details = {"field1":"value1", "field2":"value2", "field3":"value3"}
The table must have lhub_score and lhub_ts columns.
Operator usage in easy mode
Click + on the parent node.
Enter the Create Details Column for Threat GPS operator in the search field and select the operator from the results to open the operator form.
In the Input Table drop-down, enter or select the table containing the data to run this operator on.
Click Run to view the result.
Click Save to add the operator to the playbook.
Click Cancel to discard the operator form.
Usage details
LQL Command
createDetailsColumnForThreatGPS(table)
Example
Input
lhub_score | lhub_ts | destIP | destPort |
---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 |
LQL command
createDetailsColumnForThreatGPS(table)
Output
lhub_score | lhub_ts | destIP | destPort | lhub_details |
---|---|---|---|---|
1.0 | 12 | 1.1.1.1 | 4010 | {"destIP":1.1.1.1, "destPort":4010} |
Note: if the table has only two columns (lhub_score and lhub_ts), then in the output the lhub_details column is an empty JSON object ("{}").
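The transformation described above, emulated in Python as an added example (not the operator's own code). The function name, its signature and the choice of columns kept outside lhub_details are assumptions drawn from the column lists on this page; values are serialized with json.dumps, so string values come out quoted as in the lhub_details example.

```python
import json

# Assumption: these columns stay outside lhub_details (taken from the page's
# column lists). The function name and signature are hypothetical.
RESERVED = ("lhub_score", "lhub_ts", "description")
# The page states the input table must have these two columns.
REQUIRED = ("lhub_score", "lhub_ts")


def create_details_column(rows, reserved=RESERVED, required=REQUIRED):
    """Return copies of rows with an added lhub_details JSON string."""
    out = []
    for i, row in enumerate(rows):
        missing = [c for c in required if c not in row]
        if missing:
            raise ValueError(f"row {i} is missing required columns: {missing}")
        # Every non-reserved column is folded into the details object.
        details = {k: v for k, v in row.items() if k not in reserved}
        new_row = dict(row)  # original columns are kept, as in the Output table
        # json.dumps escapes quotes and control characters in field values, so
        # externally supplied strings cannot break the JSON structure.
        # An empty details dict serializes to "{}", matching the note above.
        new_row["lhub_details"] = json.dumps(details, separators=(", ", ":"))
        out.append(new_row)
    return out


# Constructed sample input mirroring the example row on this page.
SAMPLE = [{"lhub_score": 1.0, "lhub_ts": 12, "destIP": "1.1.1.1", "destPort": 4010}]

if __name__ == "__main__":
    for r in create_details_column(SAMPLE):
        print(r)
```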