Pardon my newbie'ness 😆
Does anyone have an example where Search results are matched to table entries (simple CSV should be fine) - but then are matched (counted) to a further table entry, e.g.
Search results generate a count respectively of items from the lookup table, like:
a). Restricted application
b). host-sweep
c). read-exposure
d). privileged access
e). protocol violation
f). code execution
g). buffer overflow
h). dos
i). statistical deviation
j). remote access
k). restricted access
l). service sweep
m). write exposure
n). port-scan
o). arbitrary command execution
etc
But then those being further broken down against a further lookup table to make a more consolidated count of:
a). Policy Violation.
b). Reconnaissance attacks
c). Exploit
d). Volume DOS
e). Malware.
Hope that's clear and you can see my problem 😆
Thanks
Mark
You can have a lookup table as such:
input_field, attack_type, attack_family
field1, Restricted application, Policy Violation
field13, privileged access, Policy Violation
field2, host sweep, Reconnaissance attacks
field3, service sweep, Reconnaissance attacks
field4, port scan, Reconnaissance attacks
Then, you can do lookups on (and run stats to get counts of) both the attack_type and attack_family.
Hope this helps.
> please upvote and accept answer if you find it useful - thanks!
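A search built on the single-table approach in the answer above, added here as an example and not part of the original reply. The index, sourcetype, event field `category` and lookup file name `attack_map.csv` are assumptions; the column names `input_field`, `attack_type` and `attack_family` come from the answer's table.

```spl
index=ids sourcetype=ids_alert ```index, sourcetype and the event field "category" are assumed names```
| lookup attack_map.csv input_field AS category OUTPUT attack_type attack_family
| fillnull value="UNMAPPED" attack_type attack_family ```events with no lookup match would otherwise be dropped by stats BY```
| stats count BY attack_family attack_type
| eventstats sum(count) AS family_total BY attack_family ```consolidated count per family next to the per-type count```
| sort - family_total, - count
```

Each result row carries the per-type `count` and the consolidated `family_total`, and a non-zero `UNMAPPED` row shows which events the lookup table does not cover yet.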