Manage properties metadata
Supported in:
The properties metadata enable you to rewrite how event fields will be presented and under what category they appear such as case overview – event fields and entity screen – enrichment fields. So for example, I can create a properties metadata in the platform so that all the events or enrichments fields that start with the VT_ prefix will be grouped under the VirusTotal category.
Once you have created the metadata property, you can validate it following the procedure below.
To add properties metadata:
-
Navigate to Settings > Data Configuration > Properties Metadata.
- Click on the top right of the screen.
-
Add in the relevant information as follows:
- System Name: this is the name of the raw field
- Display Name: how you want it to display on the screen
- Group Name: name of group/category it will appear under
- Prefix: Used for grouping multiple fields together. Add in a prefix to group them together
-
Trim Prefix: so that the prefix does not display as part of the field
name.
Example – "VT_department" will be presented as "department" in case you defined "VT_" prefix and trimmed it - Is displayed: Select this checkbox to display the field on the screen
- Is highlighted: Select this checkbox to display the field in the Highlighted section of the screen.
- Click Add.
To validate the properties metadata (without adding a Prefix):
- Add properties metadata for a specific field without a prefix such as File Name as follows:
- Click Add.
- Navigate to the Cases screen > Alerts Event Tab > View More.
-
Click View More. The Category File appears in the side drawer.
To validate the properties metadata (with a Prefix):
-
Add properties metadata for multiple fields including a VT prefix as
follows:
- Click Save.
- Navigate to the Cases screen.
-
In either the Cases Overview tab or the Alerts Overview tab, navigate to the
Entities Highlights widget and click on an Entity. You will be
directed to the Entity Details.