predictLogType

This operator is built primarily for Threat GPS. Given a log (a table), it identifies the type of log (a label). For example, assume that you have multiple playbooks, each of which analyzes a different data type (such as GitHub, CloudTrail, or Windows events). Given a new log, this operator categorizes it so that the correct playbook can be run to analyze the data.

Operator Usage in Easy Mode

  1. Click + on the parent node.

  2. Type Predict Log Type in the search field and select the operator from the results to open the operator form.

  3. In the Table drop-down, enter or select the name of the table to which the operator should be applied.

  4. Click Run to view the result.

  5. Click Save to add the operator to the playbook.

  6. Click Cancel to discard the operator form.

Usage Details

LQL Command

predictLogType(input_table)

Input: a table of log rows

Output: a table with one row and two columns, "PredictedLogType" (the label) and "Confidence" (how strongly the input matched that label)
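The following is an added example, not the product's own implementation of predictLogType: a small stand-in classifier that shows the contract described above (a table in, a one-row table with "PredictedLogType" and "Confidence" out). It assumes each row is a dict of field names to values and infers the log type from which fields are present; the field signatures and sample rows are constructed for illustration and do not reflect real GitHub, CloudTrail, or Windows event schemas.

```python
"""Illustrative stand-in for a predictLogType-style classifier.

Assumption (not the product's code): each log row is a dict of field
names to values, and the log type is inferred from which fields are
present. Confidence is the fraction of rows that voted for the winning
label.
"""
from collections import Counter

# Hypothetical field signatures for the three data types named on the page.
# Constructed for this example; real schemas differ.
SIGNATURES = {
    "github": {"repo", "actor", "action"},
    "cloudtrail": {"eventName", "eventSource", "awsRegion"},
    "windows_events": {"EventID", "Channel", "Computer"},
}


def score_row(row):
    """Return the label whose signature overlaps the row's keys most, or None."""
    keys = set(row)
    best, best_overlap = None, 0
    for label, sig in SIGNATURES.items():
        overlap = len(keys & sig)
        if overlap > best_overlap:
            best, best_overlap = label, overlap
    return best


def predict_log_type(table):
    """Return a one-row table with PredictedLogType and Confidence.

    Confidence = share of rows voting for the winning label, rounded to 2 dp.
    An empty table, or one where no row matches any signature, yields
    PredictedLogType "unknown" with confidence 0.0 so that downstream
    routing does not silently pick a playbook for unrecognized data.
    """
    votes = Counter(score_row(r) for r in table)
    votes.pop(None, None)  # rows matching no signature do not vote
    if not table or not votes:
        return [{"PredictedLogType": "unknown", "Confidence": 0.0}]
    label, count = votes.most_common(1)[0]
    return [{"PredictedLogType": label, "Confidence": round(count / len(table), 2)}]


# Constructed sample: mostly GitHub-style rows with one unrelated row.
GITHUB_LOGS = [
    {"repo": "org/app", "actor": "alice", "action": "repo.create"},
    {"repo": "org/app", "actor": "bob", "action": "protected_branch.update"},
    {"repo": "org/infra", "actor": "carol", "action": "team.add_member"},
    {"message": "unrelated line"},
]

if __name__ == "__main__":
    print(predict_log_type(GITHUB_LOGS))
    # → [{'PredictedLogType': 'github', 'Confidence': 0.75}]
```

When wiring a classifier like this into playbook routing, check the Confidence column before acting on PredictedLogType: a low value (or the "unknown" label) is the signal to stop and inspect the data rather than hand it to a playbook built for a different log type.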

Input
table: github_logs

Output