Shannon entropy (shannonentropy)
- Juan Tomás Alonso Nieto (Deactivated)
- Former user (Deleted)
- Former user (Deleted)
Description
Adds a new column that returns the Shannon entropy of a given string.
How does it work in the search window?
Select Create field in the search window toolbar, then select the Shannon entropy operation. You need to specify one argument:
Argument | Data type |
|---|---|
String mandatory | string |
The data type of the values in the new field is float.
Example
In the siem.logtrust.web.activity table, we want to create a new field that calculates the Shannon entropy of the strings in our userid field. To do this, we will create a new field using the Shannon entropy operation.
The arguments needed to create the new column are:
String - userid field
Click Create field and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new column. This is the syntax for the Shannon entropy operation:
shannonentropy(string)
Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table.
from siem.logtrust.web.activity
select shannonentropy(userid) as shannonentropy_userid