Entity Objects

the dolookup method receives an array of entity objects

Entity Object

The entities array contains one or more entity objects. Entity objects have the following special properties in addition to a large number of boolean flags.

value (string)

The value property contains the value of the entity in string form

type

The type property contains a single type specifier. For IPv4 and IPv6 entities the type will be set to IPv4 or IPv6 respectively. For any hash types the type will be set to hash. Finally, for any custom types the type will be set to custom.

// Sample IPv4 entity
{
    type: 'IPv4',
    types: ['IP', 'IPv4']
}

// Sample IPv6 entity
{
    type: 'IPv6',
    types: ['IP', 'IPv6']
}

// Sample MD5 entity
{
    type: 'hash',
    types: ['hash', 'MD5']
}

// Sample SHA1 entity
{
    type: 'hash',
    types: ['hash', 'SHA1']
}

// Sample custom entity 
{
    type: 'custom',
    types: ['custom.hostname']
}

types

The types property is an array of type values. It will contain one or more matching types.

For custom types the type value is taken from the key property specified in your configuration file prepended with the string custom.. For example, if you config file defined a custom type called hostname then you would look for the types property to contain the string custom.hostname.

As an example

Integration Config File

{
    customTypes: [
        {
            key: 'hostname',
            regex: /[a-z]+_host/
        }
    ]
}

Then entity objects that contained that value would have the following format.

Matching Entity Object

{
    type: 'custom',
    types: ['custom.hostname'],
    value: 'abba_host'
    // additional boolean flags would be false        
}

channels

The channels property is an array of zero of more channel objects that indicate what channels the given entity exists in (i.e., what channels that entity is tagged in). If an entity is not tagged, then the channels property will be an empty array.

Channel objects contain the following two properties:

Channel objects contain an id property which is the numeric id of the channel. Note that channel id values will not change unless the channel is deleted and recreated.

name

Channel objects also contain a name property which is the name of the channel. Note that channel names can change if a user edits the name of the channel.

config/config.js

{
    channels: [
        {
            id: 13,
            name: 'web-servers'
        }
    ]
}

PreviousdoLookup NextResult Objects

Last updated 5 years ago

// Sample IPv4 entity { type: 'IPv4', types: ['IP', 'IPv4'] } // Sample IPv6 entity { type: 'IPv6', types: ['IP', 'IPv6'] } // Sample MD5 entity { type: 'hash', types: ['hash', 'MD5'] } // Sample SHA1 entity { type: 'hash', types: ['hash', 'SHA1'] } // Sample custom entity { type: 'custom', types: ['custom.hostname'] }