Adding a dictionary

You can add dictionaries and use the elements saved in them as variable values in SQL queries for Network Anomaly Detection rules.

To add a dictionary:

1. Select the Settings section, Dictionaries subsection in the window of the application web interface.
2. Open the details area by clicking Add rule.
3. Enter the dictionary name and description.
4. Select the dictionary type and define its items.

   You can select the following types of dictionaries:

   • Dates, for storing dates. Corresponds to the "date" data type in the SQL query.
   • IP addresses, for storing IP addresses. Corresponds to the "ip" data type in the SQL query.
   • Ports, for storing port numbers. Corresponds to the "port" data type in the SQL query.
   • Text, for storing string values. Corresponds to the "string" data type in the SQL query.
   • Time, for storing time ranges. Corresponds to the "time" data type in the SQL query.
   • Days of the week, for storing the days of the week. Corresponds to the "weekday" data type in the SQL query.
5. Click the Save button.

The dictionary is added.

Page top