
Good day,

Can the reference list be integrated or called in the native dashboard? For example, when we create a use case in the native dashboard, can we call the reference list? On my end, I am unable to call the reference list in the native dashboard due to error something. If it’s possible, could you provide an example? If not, could you suggest a workaround?

Hello, 


This is supported.  What error are you getting? 



This is the error that I’m getting. It says something like metadata unavailable for reference list. Could you give me an example of a reference list being called in the native dashboard? Thanks



Metadata unavailable for reference list, then saying invalid arguments. If this is feasible, could you give me an example of calling the reference list in the native dashboard, so I can better understand it? Thanks.



Hi,


Try something like this:


principal.ip in %test_ips
match:
principal.ip
outcome:
$risk_score = sum(if(target.ip in cidr %test_ips, 100, 0))


It’s also not working, even when I try this sample and change what I have in the reference list. I’m always getting an error on this part. Do you have any documentation about calling a reference list in the native dashboard?



The error in the native dashboard says “generic::invalid argument:compilation error reference list version fetching:metadata unavailable for reference list”. That’s the error I’m getting when I’m calling the reference list in the native dashboard.



Okay, send over your configuration so we can look at it.  


This works with a string but not with a CIDR type ref list.

principal.ip in %test_ips
match:
principal.ip
outcome:
$risk_score = sum(if(target.ip in cidr %test_ips, 100, 0))



The error message in the native dashboard says, 'generic::invalid argument:compilation error reference list version fetching: metadata unavailable for reference list.' This is the error I'm getting when I try to call the reference list in the native dashboard. I also created a rule in rule detection with the reference list and attempted to call it in the native dashboard, but it's not working.

 

 

 


 


Could you please share the exact config that you have including the type of ref list?  



In the native dashboard it should be like this; this is my format:

$hostname = $e.principal.hostname
$hostname in %test_hostname
match:
  $hostname
outcome:
event_count = count_distinct($e.metadata.id)


Is test_hostname the reference list you are referring to? It seems like test_hostname is not correctly predefined. I tested the syntax below and it worked on my end, but it might not be what you were looking for:


$hostname = $e.principal.hostname
match:
$hostname
outcome:
$event_count = count_distinct($e.metadata.id)
order:
$event_count desc

 


Is the reference list of a string type, and what is an example line within the reference list?




This is the syntax, but again this is in private preview. We don't have any guarantee that something within this feature will not change. @Omskirt

$hostname = $e.principal.hostname
$hostname in %test_hostname
match:
$hostname
outcome:
$event_count = count_distinct($e.metadata.id)
order:  $event_count desc
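
A pre-flight check for the `%list` references discussed in this thread, as an added example that is not part of any post above and not Google's code: it extracts each reference from a dashboard query and compares it with an inventory of list names and types. The inventory contents and the `lint` helper are assumptions made for illustration. The rule that a bare `in` expects a string list while `in cidr` and `in regex` expect lists of those types follows YARA-L rule syntax and is assumed here to apply to dashboard queries as well.

```python
import re

# Constructed inventory (list name -> type), e.g. copied by hand from the
# reference-list page. Names and types are sample values, not from the thread.
INVENTORY = {"test_ips": "CIDR", "blocked_hosts": "STRING"}

# YARA-L membership forms: `in %l` (string), `in regex %l`, `in cidr %l`.
REF = re.compile(r"\bin\s+(?:(regex|cidr)\s+)?%(\w+)", re.IGNORECASE)
EXPECTED = {None: "STRING", "regex": "REGEX", "cidr": "CIDR"}


def lint(query, inventory):
    """Return (line_no, list_name, problem) for each suspicious reference."""
    findings = []
    for line_no, line in enumerate(query.splitlines(), 1):
        code = line.split("//", 1)[0]  # ignore trailing comments
        for m in REF.finditer(code):
            keyword = m.group(1).lower() if m.group(1) else None
            name = m.group(2)
            if name not in inventory:
                findings.append((line_no, name, "undefined"))
            elif inventory[name] != EXPECTED[keyword]:
                findings.append((line_no, name, "type-mismatch"))
    return findings


# The two queries posted in the thread, reproduced as test input.
IP_QUERY = """principal.ip in %test_ips
match:
principal.ip
outcome:
$risk_score = sum(if(target.ip in cidr %test_ips, 100, 0))"""

HOST_QUERY = """$hostname = $e.principal.hostname
$hostname in %test_hostname
match:
$hostname
outcome:
$event_count = count_distinct($e.metadata.id)
order: $event_count desc"""

if __name__ == "__main__":
    for label, q in (("ip", IP_QUERY), ("hostname", HOST_QUERY)):
        for finding in lint(q, INVENTORY):
            print(label, finding)
```

With this sample inventory the IP query is flagged on line 1, where a list typed CIDR is used with a bare `in`, and the hostname query is flagged because `test_hostname` is not in the inventory.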

 

