[DRILL-8289] Add Threat Hunting Functions - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: 1.21.0
Fix Version/s: 1.21.0
Component/s: Functions - Drill
Labels:
None

Description

Threat Hunting Functions
These functions are useful for doing threat hunting with Apache Drill. These were inspired by huntlib.[1]

The functions are:

`punctuation_pattern(<string>)`: Extracts the pattern of punctuation in text.
`entropy(<string>)`: This function calculates the Shannon Entropy of a given string of text.
`entropyPerByte(<string>)`: This function calculates the Shannon Entropy of a given string of text, normed for the string length.

[1]: https://github.com/target/huntlib

Attachments

Activity

People

Assignee:: Charles Givre

Reporter:: Charles Givre

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Aug/22 04:28

Updated:: 12/Sep/22 13:12

Resolved:: 12/Sep/22 13:12