scoreByRandomness
- Jonas Gonzalez
Owned by Jonas Gonzalez
Score events according to their randomness based on the Shannon entropy of the string value of the specified column. Higher scores are given to more random strings. If a string contains no duplicate characters, it gets the highest score. Strings with duplicate characters get lower scores.
Operator Usage in Easy Mode
- Click + on the parent node.
- Enter the Score by Randomness operator in the search field and select the operator from the Results to open the operator form.
- In the Input Table drop-down, enter or select the name of the table containing the data to run this operator on.
- In the Column drop-down, enter or select a column from which the score will be computed.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Usage Details
LQL Command
scoreByRandomness(table, column)
Input
column: Column name to compute randomness score.
table: Name of a table.
Output
The input table with an additional lhub_score column containing the score. The score reflects the randomness (Shannon) of a string.
Example
Input
table
| id | password |
|---|---|
| 1 | axbyze@#fa23 |
| 2 | aaaaaa |
LQL command
scoreByRandomness(table, password)
Output
| id | password | lhub_score |
|---|---|---|
| 1 | axbyze@#fa23 | 6.0 |
| 2 | aaaaaa | 1.98 |