
Configure Entropy Generation Details

See Entropy for an overview of the concept of entropy in Moogsoft Onprem. See Alert Analyzer Utility for more information on how Moogsoft Onprem calculates entropy values.

Configure entropy generation details in the UI

To configure the Alert Analyzer generation details, follow these steps:

Before you begin

Ensure that entropy generation is enabled. See Configure Entropy Generation Schedule for more information.

Entropy Generation Details

Priority and Stop Words

Stop Words

The Alert Analyzer ignores stop words in its entropy calculation. To use stop words:

  1. Moogsoft Onprem enables stop words by default. If you want to disable stop words, clear the Use Stop Words check box.

  2. Enter an integer in the Stop Word Minimum Length field to ignore all words of that length or less from entropy calculation. For example, if you enter 2, the Alert Analyzer automatically ignores words like 'in', 'at', and 'to' in its entropy calculations.

  3. Moogsoft Onprem provides a list of stop words. You can add words to this list, or remove them, by editing the list using the comma-separated format.

Priority Words

The Alert Analyzer gives any events containing a priority word a maximum entropy value of 1 in its calculation to ensure that they are included in a Situation. To use priority words:

  1. Moogsoft Onprem disables priority words by default. If you want to use priority words, select the Use Priority Words check box.

  2. Enter a list of priority words using a comma-separated format. You can add words to an existing list, or remove them, by editing the list using the comma-separated format.

Masking

Addresses

You can exclude certain types of addresses from the entropy calculation. Select the check boxes for the addresses that you want to exclude:

  • File Paths: The Alert Analyzer excludes file paths from its entropy calculation. For example: $MOOGSOFT_HOME/config/system.conf.

  • IP Addresses: The Alert Analyzer excludes IP addresses from its entropy calculation. For example: 77.131.131.77.

  • MAC Addresses: The Alert Analyzer excludes MAC addresses from its entropy calculation. For example: e0:2b:13:es:89:43.

  • URLs: The Alert Analyzer excludes URLs from its entropy calculation. For example: https://www.moogsoft.com/.

  • Emails: The Alert Analyzer excludes email addresses from its entropy calculation. For example: david.bowie@blackstar.com.

Date/Time Values

If you want to exclude date and time values from the entropy calculation, select the Dates and Times check box.

Numbers

You can exclude numbers from the entropy calculation. Select the check boxes for the kinds of numbers that you want to exclude:

  • Numbers: The Alert Analyzer excludes ordinary numbers, such as 12345, from its entropy calculation.

  • Hex-Formatted Numbers: The Alert Analyzer excludes hex numbers, such as 3ADE68B1, from its entropy calculation.

IDs

You can exclude certain IDs from the entropy calculation. Select the check boxes for the IDs that you want to exclude:

  • OIDs: The Alert Analyzer excludes object identifiers (OIDs) from its entropy calculation. See here for more information on OIDs.

  • GUIDs: The Alert Analyzer excludes globally unique identifiers (GUIDs), also known as universally unique identifiers (UUIDs), from its entropy calculation. See here for more information.
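As an added illustration (not Moogsoft's own code) of how the stop-word, priority-word and masking settings above narrow the text that reaches the entropy calculation, the following Python filter applies constructed approximations of each masking category to a constructed event. The regular expressions, the stop and priority word lists, and the sample event are all assumptions made for this example; the priority rule (entropy forced to 1) and the "length or less" stop-word rule follow the page.

```python
import re

# Added example, not Moogsoft's own code: a token filter mimicking the UI settings.
# Patterns are constructed approximations of each masking category, not the
# product's definitions. Order matters: composite values before their parts.
MASK_PATTERNS = [
    ("URL", re.compile(r"https?://\S+")),
    ("Email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("FilePath", re.compile(r"(?:\$\w+|[A-Za-z]:)?(?:/[\w.$-]+)+")),
    ("GUID", re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I)),
    ("MAC", re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.I)),
    ("DateTime", re.compile(r"\b\d{4}-\d{2}-\d{2}(?:[T ]\d{2}:\d{2}(?::\d{2})?)?\b")),
    ("OID", re.compile(r"\b\d+(?:\.\d+){4,}\b")),  # 5+ components; 4 would look like an IP
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("Hex", re.compile(r"\b(?=[0-9a-f]*\d)(?=[0-9a-f]*[a-f])[0-9a-f]{4,}\b", re.I)),
    ("Number", re.compile(r"\b\d+\b")),
]

DEFAULT_SETTINGS = {  # constructed values standing in for the UI fields
    "use_stop_words": True,
    "stop_word_min_length": 2,
    "stop_words": {"the", "and", "from", "see"},
    "use_priority_words": True,
    "priority_words": {"disk", "outage"},
    "masks": {label for label, _ in MASK_PATTERNS},  # every check box selected
}

def analyze(text, settings=DEFAULT_SETTINGS):
    """Tokens feeding the calculation, tokens masked/stopped out, forced entropy."""
    masked = []
    for label, pattern in MASK_PATTERNS:
        if label in settings["masks"]:
            # record the value, then replace it with a space to keep word boundaries
            text = pattern.sub(lambda m, lb=label: masked.append((lb, m.group(0))) or " ", text)
    tokens = [t.lower() for t in re.findall(r"\w+", text)]
    kept, stopped = [], []
    for tok in tokens:
        is_stop = settings["use_stop_words"] and (
            len(tok) <= settings["stop_word_min_length"] or tok in settings["stop_words"])
        (stopped if is_stop else kept).append(tok)
    priority = settings["use_priority_words"] and any(t in settings["priority_words"] for t in tokens)
    # None stands for the normal calculation, which this example does not model
    return {"kept": kept, "stopped": stopped, "masked": masked, "entropy": 1.0 if priority else None}
SAMPLE = ("2024-05-01 12:30:00 ERROR Disk full on host web7 path /var/log/mysql.log "  # constructed
          "from 10.0.0.5 (e0:2b:13:ab:89:43) contact ops@example.com "
          "see https://status.example.com/incident ref 3ADE68B1 "
          "trap 1.3.6.1.4.1.2021 job 123e4567-e89b-12d3-a456-426614174000 retry 5")

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Clearing a category from "masks" or disabling a check box in the settings dictionary shows how much of the original text survives into the calculation; note that a short hex-looking hostname such as a four-character "db01" would be masked as a hex number, which is the kind of side effect to watch for when tuning these options.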

Configure entropy generation details using the Graze API

Configure Alert Analyzer partitions

See Alert Analyzer Utility for more information on partitions in the Alert Analyzer.