Versions Compared

Old Version 14

changes.mady.by.user andrew johnston

Saved on

compared with

New Version Current

changes.mady.by.user andrew johnston

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

You can use the Information Security Analytics (ISA) Manager to build a lookup table (LUT) in the platform.  Building a lookup table describes the process of indicating the JSON share where the lookup table is located, and specifying the Key Field and Header Fields in your lookup table.

Once the lookup table is built there are a number of different possible applications.  For example, you can apply the LUT to compare two sets of records and then create new records based on the results.   

 

 

Building a Lookup Table Using the Manager

To build a lookup table

  1. From the Treat Analytics Dashboard, click on Data Sources (top right).
  2. Click on Add New Source.
  3. Under "What kind of source would you like to create?" specify "Lookup table builder."
  4. Click on Next.

  5. Specify the the fields as defined in the table below

    FieldDescription
    ShareIDShare ID for the JSON share where the data lookup table is located. or Browse and upload CSV file.
    Key FieldKey Field for the lookup table. This is the field that will be used by scripts as the Key Field to lookup the data. This field needs to be one of your Header fields. Example: Headers - "ip", "hostname", "country" Key Field - "ip"
    Header FieldsSpecify the header fields of your lookup table.


    Advanced Options

    FieldDescription
    DescriptionProvide a description for the lookup table.
  6. Click on Next.

Configuring and Testing

Once you have made the input settings, you will need to perform additional configuration and testing.

To configure and test

  1. Provide a name for the source.
  2. Select the previously created Data Group.
  3. Select the Media Type.
  4. Select Data Origin.  For more information, see Data Sources.
  5. Specify the frequency at which the source should be harvested (eg. Once per day).
  6. Click on Test Source.

About Testing

If the source has been configured properly testing with return test results, and you will be able to move forward with Publishing the new source.  Otherwise, a failure message is generated which can be used for troubleshooting (currently it only says FAIL).  You can always Save your source and come back to fix any testing errors later.

Saving or Publishing

Saving 

To save the source after testing

  • Click on Save.

The source is saved and you are re-directed to the Source Manager.

Publishing

To publish the source after testing

  • Click on Publish.

The source is published and you are re-directed to the list Source Manager.

Panel

In this section:

Table of Contents
maxLevel2
indent16px

 

 

Panel

Related Documentation:

Manager Interface Reference