
Message Builder

Most recent version: v0.2.1

Last updated 27 days ago

See the changelog of this Action type here.

Overview

The Message Builder Action allows users to define new messages by combining different input fields.

AI Action Assistant

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Ports

These are the input and output ports of this Action:

Input ports
  • Default port - All the events to be processed by this Action enter through this port.

Output ports
  • Default port - Events are sent through this port if no error occurs while processing them.
  • Error port - Events are sent through this port if an error occurs while processing them.

Configuration

In order to configure this Action, you must first link it to a Listener. Go to Building a Pipeline to learn how to link.

1. Find Message Builder in the Actions tab (under the Formatting group) and drag it onto the canvas. Link it to the required Listener and Data sink.

2. To open the configuration, click the Action in the canvas and select Configuration.

3. Enter the required parameters:

Parameter / Description

Fields*
  This is where you specify the fields you wish to include in your message, color coded by type. Fields beginning with _ are internal fields.

Destination Field Name*
  Give your message a name to identify it by in the end destination.

Message*
  To include a field in your message, drag it from the Fields area and drop it into the Message area. To select more than one at once, click a field in the Fields area and select the checkboxes next to the name, then select Add fields.

  The expressions should be strings that, optionally, may contain field names. For example:

    this is an example with the value: ${myField}

  where ${myField} will be replaced with the actual value in the event.

  Optionally, the Action handles occurrences of the delimiter inside field values, depending on the delimiter behavior argument and the given delimiter and replacement values:

  • REPLACE: replaces delimiter with replacement on each event field.
  • DELETE: deletes delimiter on each event field.
  • QUOTE: adds double quotes surrounding an event field if it contains delimiter.
  • ESCAPE: adds a backslash (\) before each delimiter on each event field.

Field delimiter
  You can add a Delimiter to separate the fields in your message string.

If delimiter matches
  Choose what to do when your delimiter appears in the input messages.

4. Click Save to complete.

Example

Let's say you have received raw data in JSON format and wish to extract the fields and format them as a CSV.

1. Raw data

[
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "breach log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "event log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on event log from breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "service_user",
    "method": "POST",
    "endpoint": "/admin/age",
    "ip": "127.0.0.1",
    "status": 400
  },
  {
    "username": "user_2",
    "method": "POST",
    "endpoint": "/sso/login",
    "ip": "10.XXX.XX.XX",
    "status": 302
  }
]

2. Parse the JSON

Add a Parser to the canvas and extract the fields using the automatic parsing.

You have extracted the endpoint, ip, method, status and username into separate fields.

3. Build the message

Now use the Message Builder to create a CSV containing these fields as one message.

Drag the following fields to the Message area:

  • method
  • description
  • object
  • endpoint
  • ip
  • status
  • username
  • port

Fields delimiter: ,

If delimiter matches: Put "" in quotes.
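
The four delimiter behaviors listed for the Message parameter, as an added Python example (not Onum's code): it models the ${field} substitution and reports how many columns a downstream CSV consumer sees when a constructed event's description contains the delimiter. The function names, the NONE baseline, the empty value for missing fields, and the doubling of embedded quotes under QUOTE are assumptions made for illustration.

```python
import csv
import re

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")  # matches ${fieldName}

def sanitize(value, delimiter, behavior, replacement=""):
    """Apply one 'if delimiter matches' behavior to a single field value."""
    # NONE is a hypothetical baseline (no handling); it is not an option on the page.
    if behavior == "NONE" or delimiter not in value:
        return value
    if behavior == "REPLACE":
        return value.replace(delimiter, replacement)
    if behavior == "DELETE":
        return value.replace(delimiter, "")
    if behavior == "QUOTE":
        # Assumption: embedded double quotes are doubled, CSV style;
        # the page does not say how the Action treats them.
        return '"' + value.replace('"', '""') + '"'
    if behavior == "ESCAPE":
        return value.replace(delimiter, "\\" + delimiter)
    raise ValueError(f"unknown behavior: {behavior}")

def build_message(template, event, delimiter=",", behavior="NONE", replacement=""):
    """Replace every ${field} in the template with its sanitized event value."""
    def substitute(match):
        value = str(event.get(match.group(1), ""))  # assumption: missing field -> empty
        return sanitize(value, delimiter, behavior, replacement)
    return PLACEHOLDER.sub(substitute, template)

def parse_columns(message, delimiter=","):
    """Parse the message the way a downstream CSV consumer would."""
    return next(csv.reader([message], delimiter=delimiter, escapechar="\\"))

TEMPLATE = "${method},${description},${endpoint},${ip},${status},${username}"

# Constructed event: the free-text description contains the delimiter.
EVENT = {
    "method": "POST",
    "description": "User exported report, then logged out",
    "endpoint": "/sso/login",
    "ip": "127.0.0.1",
    "status": 302,
    "username": "user_2",
}

if __name__ == "__main__":
    for behavior in ("NONE", "REPLACE", "DELETE", "QUOTE", "ESCAPE"):
        message = build_message(TEMPLATE, EVENT, ",", behavior, replacement=";")
        print(f"{behavior:8}{len(parse_columns(message))} columns  {message}")
```

With no handling, the comma inside the description shifts every later column by one, so a consumer that maps columns by position reads the wrong value as the endpoint, IP, status and username; each of the four behaviors keeps the row at six columns.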