This operator is built primarily for Threat GPS. Given a log (table), it identifies the type of log (label). For example, assume that you have multiple playbooks, each of which analyzes a different data type (such as GitHub, CloudTrail, and Windows events). Given a new log, this operator categorizes it so that the correct playbook can be run to analyze the data.
- Click + on the parent node.
- Enter the Predict Log Type operator in the search field and select the operator from the Results to open the operator form.
- In the Table drop-down, enter or select the name of the table to apply the operator to.
- Click Run to view the result.
- Click Save to add the operator to the playbook.
- Click Cancel to discard the operator form.
Output: a table with one row and two columns, "PredictedLogType" and "Confidence".