Score events according to their randomness based on the Shannon entropy of the string value of the specified column. Higher scores are given to more random strings. If a string contains no duplicate characters, it gets the highest score. Strings with duplicate characters get lower scores.

Operator Usage in Easy Mode

Click + on the parent node.
Enter the Score by Randomness operator in the search field and select the operator from the Results to open the operator form.
In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
In the Column drop-down, enter or select a column from which the score will be computed.
Click Run to view the result.
Click Save to add the operator to the playbook.
Click Cancel to discard the operator form.

Usage Details

LQL Command

scoreByRandomness(table, column)

Input

column: Column name to compute randomness score.
table: Name of a table.

Output
The input table with an additional lhub_score column containing the score. The score reflects the randomness (Shannon) of a string.

Example

Input
table

id	password
1	axbyze@#fa23
2	aaaaaa

LQL command

scoreByRandomness(table, password)

Output

id	password	lhub_score
1	axbyze@#fa23	6.0
2	aaaaaa	1.98

Browser not supported