I have a lookup of vulnerability scan data that includes fields such as hostname, IP, OS, CVEs, etc. I would like to put all OSs that are specified as a desktop OS under a field value named Desktop; anything that is specified as a server OS under a field value named Server, but with an extra layer of specification for whether it's Unix or Windows; and anything with a network OS specified as Network, and then put those field values in a new field called OS_Specified.
Here is an example of the OSs I would like to categorize.
Desktop
Server
Network
I'm assuming eval and/or rex is going to need to be involved, and that is where I would need assistance.
I feel like my ask is similar to This but a little more involved.
A series of case() statements should do the job.
| inputlookup mylookup.csv
| eval Desktop = case(match(OS, "Windows 10"), 1, 1==1, null())
| eval Server = case(match(OS, "Windows Server"), 1,
    match(OS, "Red Hat"), 1,
    ``` Insert matches for other OSs here ```
    1==1, null())
| eval Network = case(match(OS, "Cisco"), 1,
    match(OS, "CentOS Linux"), 1,
    1==1, null())
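A single-field variant that produces the OS_Specified field the question asks for, with the Unix/Windows split on servers. This is an added example, not code from the answer above; the regex patterns beyond the OS names mentioned on this page (Cisco, Windows Server, Red Hat, CentOS, Windows 10) are assumed, CentOS is treated as a Unix server rather than a network OS, and the lookup name mylookup.csv is reused from the answer.

```spl
| inputlookup mylookup.csv
``` case() returns the first branch that matches, so the more specific
    patterns (network, then server) must come before the generic ones.
    (?i) makes each match() case-insensitive. Patterns marked "assumed"
    are not from the original post and should be adjusted to your data. ```
| eval OS_Specified = case(
    match(OS, "(?i)cisco|junos|fortios"),                     "Network",
    match(OS, "(?i)windows server"),                          "Server (Windows)",
    match(OS, "(?i)red hat|centos|debian|ubuntu server|aix"), "Server (Unix)",
    match(OS, "(?i)windows (7|8|10|11)"),                     "Desktop",
    match(OS, "(?i)mac ?os"),                                 "Desktop",
    true(),                                                   "Unclassified")
``` Sanity check: every OS string that fell through to Unclassified
    needs a new pattern, otherwise those hosts silently drop out of any
    report that filters on OS_Specified ```
| stats count by OS OS_Specified
| sort OS_Specified OS
```

Once the Unclassified count is zero, drop the stats and sort lines and append `| outputlookup mylookup.csv` to write the new field back into the lookup.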