DocumentationIntegrations
Contact Us

supervisedScorer

Incrementally score events by learning feedback from users.

Suggest Edits

The supervisedScorer operator predicts the user score when you define the lhub_score.

When you have multiple tables that contain lhub_scores, it must be combined and assigned a final score, where the final score is a combination of manual scoring using machine learning models.

supervisedScorer combine tables using autojoin operator by selecting distinct rows. You can manually assign scores for 2 rows and update the table, the rest of the rows will be updated with the final score automatically.
For example, if the predictor assigns a score of 6 but in the rules, we assigned 9, the final result will be 9.

Operator Usage in Easy Mode

  1. Click + on the parent node.
  2. Enter the Supervised Scorer operator in the search field and select the operator from the Results to open the operator form.
  3. In the Table drop-down, enter or select a table to apply the operator.
  4. Click Run to view the result.
  5. Click Save to add the operator to the playbook.
  6. Click Cancel to discard the operator form.

Usage Details

supervisedScorer(tables:TableReference[])

Input
TableReference - List of input tables that contain lhub_scores.

Output
A scored table where each row is scored based on the model that was learned from all previous manually assigned scores. It will return lhub_score, mindistToRule (closest distance to ruleset), isFromRuleset (boolean), and score columns from tables.

Example

InputTable = userScore

1530

InputTable = ipScore

1558

InputTable = bytesScore

1594

Output

When you combine the multiple input tables that contain lhub_score in all parent nodes i.e. userScore, ipScore, and bytesScore, the columns will be replaced by the final table name itself.

supervisedScorer([userScore, ipScore, bytesScore])

Here, 3 new columns added i.e. lhub_score, isFromRuleset, and mindistToRule.

2100

Initially, all lhub_score in the output table will be "-" where you can assign any value 0 - 10 to that specific row.
When you assign lhub_score for 2 or more rows, the operator will train a model and predict the scores for the rest of the events and will assign new scores to unscored ones based on the input columns defined.

2126

Updated 6 months ago

© 2017-2021 LogicHub®. All Rights Reserved.