Message Builder

Most recent version: v0.2.0

See the changelog of this Action type .

Overview

The Message Builder Action defines your required data and which parameters must be prioritized.

In order to configure this action, you must first link it to a Listener. Go to Building a Pipeline to learn how to link.

AI Action Assistant

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Ports

These are the input and output ports of this Action:

Input ports

Default port - All the events to be processed by this Action enter through this port.

Output ports

Default port - Events are sent through this port if no error occurs while processing them.
Error port - Events are sent through this port if an error occurs while processing them.

Configuration

Find Message Builder in the Actions tab (under the Formatting group) and drag it onto the canvas. Link it to the required Listener and Data sink.

To open the configuration, click the Action in the canvas and select Configuration.

Enter the required parameters:

Parameter

Description

Fields*

Fields beginning with _ are internal fields.

Message*

To include a field in your message, drag it from the Fields area and drop it into the Message area.

The expressions should be strings that, optionally, may contain field names. For example:

this is an example with the value: ${myField}

where ${myField} will be replaced with the actual value in the event.

Optionally, the action provides the following features depending on the argument delimiter behavior and the given delimiter and replacement values:

REPLACE: replaces delimiter with replacement on each event field.
DELETE: deletes delimiter on each event field.
QUOTE: adds double quotes surrounding an event field if it contains delimiter.
ESCAPE: adds a backslash (\) before each delimiter on each event field.

To select more than one at once, click a field in the Fields area and select the checkboxes next to the name, then select Add fields.

Destination Field Name*

Give your message a name to identify it by in the end destination.

Delimiter

You can add a Delimiter to separate the fields in your message string.

Click Save to complete.

Example

Let's say you have received raw data in JSON format and wish to extract the fields and format them as a CSV.

Raw data

[
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "breach log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "event log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on event log from breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "service_user",
    "method": "POST",
    "endpoint": "/admin/age",
    "ip": "127.0.0.1",
    "status": 400
  },
  {
    "username": "user_2",
    "method": "POST",
    "endpoint": "/sso/login",
    "ip": "10.XXX.XX.XX",
    "status": 302
  }
]

Parse the JSON

Add a Parser to the canvas and extract the fields using the automatic parsing.

You have extracted the endpoint, ip, method, status and username into separate fields.

Build the message

Now use the Message Builder to create a CSV containing these fields as one message.

Drag the following fields to the Message area:

method
description
object
endpoint
ip
status
username
port

Fields delimiter: ,

if delimiter matches: Put "" in quotes.

PreviousFormatting NextTransformation

Last updated 3 days ago

Was this helpful?

Overview

The Message Builder Action defines your required data and which parameters must be prioritized.

In order to configure this action, you must first link it to a Listener. Go to Building a Pipeline to learn how to link.

AI Action Assistant

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Ports

These are the input and output ports of this Action:

Input ports

Default port - All the events to be processed by this Action enter through this port.

Output ports

Default port - Events are sent through this port if no error occurs while processing them.
Error port - Events are sent through this port if an error occurs while processing them.

Configuration

Find Message Builder in the Actions tab (under the Formatting group) and drag it onto the canvas. Link it to the required Listener and Data sink.

To open the configuration, click the Action in the canvas and select Configuration.

Enter the required parameters:

Parameter

Description

Fields*

This is where you specify the fields you wish to include in your message, by type.

Fields beginning with _ are internal fields.

Message*

To include a field in your message, drag it from the Fields area and drop it into the Message area.

The expressions should be strings that, optionally, may contain field names. For example:

this is an example with the value: ${myField}

where ${myField} will be replaced with the actual value in the event.

Optionally, the action provides the following features depending on the argument delimiter behavior and the given delimiter and replacement values:

REPLACE: replaces delimiter with replacement on each event field.
DELETE: deletes delimiter on each event field.
QUOTE: adds double quotes surrounding an event field if it contains delimiter.
ESCAPE: adds a backslash (\) before each delimiter on each event field.

To select more than one at once, click a field in the Fields area and select the checkboxes next to the name, then select Add fields.

Destination Field Name*

Give your message a name to identify it by in the end destination.

Delimiter

You can add a Delimiter to separate the fields in your message string.

Click Save to complete.

Example

Let's say you have received raw data in JSON format and wish to extract the fields and format them as a CSV.

Raw data

[
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "breach log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "user_1",
    "method": "POST",
    "endpoint": "event log",
    "ip": "10.XXX.XX.XX",
    "description": "[Role] User performed an action on event log from breach log",
    "viewport": [1920, 955],
    "usage": true
  },
  {
    "username": "service_user",
    "method": "POST",
    "endpoint": "/admin/age",
    "ip": "127.0.0.1",
    "status": 400
  },
  {
    "username": "user_2",
    "method": "POST",
    "endpoint": "/sso/login",
    "ip": "10.XXX.XX.XX",
    "status": 302
  }
]

Parse the JSON

Add a Parser to the canvas and extract the fields using the automatic parsing.

You have extracted the endpoint, ip, method, status and username into separate fields.

Build the message

Now use the Message Builder to create a CSV containing these fields as one message.

Drag the following fields to the Message area:

method
description
object
endpoint
ip
status
username
port

Fields delimiter: ,

if delimiter matches: Put "" in quotes.