How to create a parser
The JS Parsers object can be used in user customizable scripts within CYBERQUEST Data Transformation Service (DTS) and in Alerts.
DTS is a parsing service based on a script (JavaScript) that has a wide range of functions. Its primary role is performing additional transformations on data extracted from collected events.
Authentication
To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).
The browser automatically redirects you to CYBERQUEST's authentication page:
Navigate to Settings
Navigate to “Settings > Rules” and select the “DTS Objects” option.
DTS Objects
You can import a DTS object by pressing the "Import Object" button or create a new DTS object by pressing the "Add DTS Object" button.
In this case we will create a new DTS object. Press the "Add DTS Object" button and fill in the following fields:
Name: The name of the DTS object;
Description: A short description of the object;
Is Active: Set the object as active or inactive;
Script: Add a new script;
When you finished creating the parser, press "Save" button to save changes.
Actions menu
After creating the DTS object above, you can perform the following actions on the object:
-
Set the object as active or inactive by pressing the following switch
.
-
You can export a parser, press
button. The export is saved as a proprietary CQO file.
-
To edit details for a specific object, press
button next to it. Edit DTS Objects page opens allowing you to change the Name and Description, correct the Script or enable/disable the object.
- To delete a parser from the list, press "delete" button next to it. As a measure of precaution, you will be asked to confirm deletion.
Example of parser
An example parser may look like this: