Skip to content

Commit fd02fbc

Browse files
sebixsebix
committed
fix headings in two bot documentation sections
makes them more readble - format field expert - fake expert
1 parent 49ab311 commit fd02fbc

File tree

1 file changed

+11
-11
lines changed

1 file changed

+11
-11
lines changed

docs/user/bots.md

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -2784,18 +2784,18 @@ For a detailed description of the modes, see below.
27842784

27852785
(optional, boolean) Whether to overwrite existing fields. Defaults to false.
27862786

2787-
### Modes
2787+
#### Modes
27882788

2789-
#### IP Network
2789+
##### IP Network
27902790
For each incoming event, the bots chooses one random IP network range (IPv4 or IPv6) from the configured data file.
27912791
It set's the first IP address of the range as `source.ip` and the network itself as `source.network`.
27922792
To adapt the `source.asn` field accordingly, use the [ASN Lookup Expert](#asn-lookup).
27932793

27942794
For data consistency `source.network` will only be set if `source.ip` was set or overridden.
27952795
If overwrite is false, `source.ip` was did not exist before but `source.network` existed before, `source.network` will still be overridden.
27962796

2797-
#### Event fields
2798-
##### Mode `random_single_value`
2797+
##### Event fields
2798+
###### Mode `random_single_value`
27992799
For any possible event field, the bot chooses a random value of the values in the `values` property.
28002800

28012801
---
@@ -2911,7 +2911,9 @@ String method operations on column values.
29112911

29122912
**Parameters:**
29132913

2914-
*Parameters for stripping chars*
2914+
Order of operation: `strip -> replace -> split`. These three methods can be combined such as first strip and then split.
2915+
2916+
#### Parameters for stripping chars
29152917

29162918
**`strip_columns`**
29172919
(optional, string/array of strings) A list of strings or a string of comma-separated values with field names. The names
@@ -2920,22 +2922,22 @@ must match the IntelMQ Data Format field names.
29202922
For example:
29212923

29222924
```yaml
2923-
columns:
2925+
strip_columns:
29242926
- malware.name
29252927
- extra.tags
29262928
```
29272929

29282930
is equivalent to:
29292931

29302932
```yaml
2931-
columns: "malware.name,extra.tags"
2933+
strip_columns: "malware.name,extra.tags"
29322934
```
29332935

29342936
**`strip_chars`**
29352937

29362938
(optional, string) Set of characters to remove as leading/trailing characters. Defaults to space.
29372939

2938-
*Parameters for replacing chars*
2940+
#### Parameters for replacing chars
29392941

29402942
**`replace_column`**
29412943

@@ -2952,7 +2954,7 @@ columns: "malware.name,extra.tags"
29522954
**`replace_count`**
29532955
() number specifying how many occurrences of the old value you want to replace(default: [1])
29542956

2955-
*Parameters for splitting string to list of string*
2957+
#### Parameters for splitting string to list of string
29562958

29572959
**`split_column`**
29582960

@@ -2962,8 +2964,6 @@ columns: "malware.name,extra.tags"
29622964

29632965
() specifies the separator to use when splitting the string(default: `,`)
29642966

2965-
Order of operation: `strip -> replace -> split`. These three methods can be combined such as first strip and then split.
2966-
29672967
---
29682968

29692969
### Generic DB Lookup <div id="intelmq.bots.experts.generic_db_lookup.expert" />

0 commit comments

Comments
 (0)