While it's great to be able to explore the shape of our data, as security analysts we often have
questions we need to ask. To help us question our data, we’ll explore some additional
processing modules that operate on fields enumerated with our extraction module. We will
also add optional parameters to our rendering module to further refine the data stream we
review.
Query 2:
Using the count [Math Module] to determine how many unique employees we have
tag=envolvelabs-Employees ax
| count by name
| table count
Query 3:
Using the unique module to view distinct values of a column, we’ll do usernames this time and add an alphabetical sort
tag=envolvelabs-Employees ax
| unique username
| sort by username asc
| table username
Query 4:
What if we want to know the breakdown of peoples’ roles from the data we have available in our data source?
tag=envolvelabs-Employees ax
| count by role
| table role count
Query 5:
Charting - Wouldn’t it be neat to see that as a pie chart?
*note: need to change visualization type, use “ visualization options ” cogwheel after the chart
is rendered*
tag=envolvelabs-Employees ax
| count by role
| chart count by role
