Hi all,
I have the following dataset:
Source A: "DEVICE INFO"
Source B: "SOURCE" (maps to SourceA DEVICE),"SOURCE_PORTS",DESTINATION, DESTINATION_PORTS
Source C: "SOURCE" (which is the DESTINATION of Source B) etc..
Basically I'm trying to dynamically build a network path between multiple devices (and from multiple sources), the ultimate goal will be a network topology (probably with sankey but doesn't matter right now)
As example
SourceA
| makeresults | eval sourcetype = "A" | eval Device = "Device_XYZ" | eval Model = "Vendor"
SourceB
| append [| makeresults | eval sourcetype = "B" | eval Source = "Device_XYZ" | eval SourcePorts = "123456" | eval Destination = "Device_QWE" | eval DestinationPorts = "AAABBBB"]
| append [| makeresults | eval sourcetype = "B" | eval Source = "Device_XYZ" | eval SourcePorts = "789000" | eval Destination = "Device_QWE" | eval DestinationPorts = "CCCDDDD"]
SourceC
| append [| makeresults | eval sourcetype = "C" | eval Source = "Device_QWE" | eval SourcePorts = "AAABBBB" | eval Destination = "Device_MNB" | eval DestinationPorts = "QQQWWW"]
| append [| makeresults | eval sourcetype = "C" | eval Source = "Device_QWE" | eval SourcePorts = "CCCDDDD" | eval Destination = "Device_MNB" | eval DestinationPorts = "QQQWWW"]
Any idea on how to approach is welcome, ty guys for your time
PaoloR
↧