How to create a parser

The JS Parsers object can be used in user customizable scripts within CYBERQUEST Data Transformation Service (DTS) and in Alerts.

DTS is a parsing service based on a script (JavaScript) that has a wide range of functions. Its primary role is performing additional transformations on data extracted from collected events.

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Navigate to Settings

Navigate to “Settings > Rules” and select the “DTS Objects” option.

DTS Objects

You can import a DTS object by pressing the "Import Object" button or create a new DTS object by pressing the "Add DTS Object" button.

In this case we will create a new DTS object. Press the "Add DTS Object" button and fill in the following fields:

Name: The name of the DTS object;

Description: A short description of the object;

Is Active: Set the object as active or inactive;

Script: Add a new script;

When you finished creating the parser, press "Save" button to save changes.

Actions menu

After creating the DTS object above, you can perform the following actions on the object:

• Set the object as active or inactive by pressing the following switch .

• You can export a parser, press button. The export is saved as a proprietary CQO file.

• To edit details for a specific object, press button next to it. Edit DTS Objects page opens allowing you to change the Name and Description, correct the Script or enable/disable the object.

• To delete a parser from the list, press "delete" button next to it. As a measure of precaution, you will be asked to confirm deletion.

Example of parser

An example parser may look like this: