Bots

Bots: A bot deals with a particular task or a data function. There are three types of pre-fixes to a bot's name.

#: Bot is source filtered. It means the data queries and filters are applied while querying the data from the data source.

*: Bot is destination filtered. It means the data queries and filters are applied after retrieving the complete data from the data source. It is not an efficient approach when dealing with a large amount of data, however, it can be used if the data source does not support filtering capability while querying the data.

@: API Endpoint. This dataset is a wrapper for an API offered by a data source.

This section covers the user interface functionality of RDA bots functionality along with a couple of data function examples. These bots or bot libraries are pre-built RDA functionality that can be leveraged by pipelines to solve user's use-cases.

The following screenshot shows the main RDA landing page depicting the inline 'Explore' action button using which users can click to navigate to 'Bots' functionality as shown below.

Users can click the 'Explore' button on the top right-hand corner (as shown in the above screenshot) to navigate to the Bots UI screen (as shown in the below screenshot).

The above screenshot depicts bots libraries that are part of pre-packaged RDA.

Each of the above bot libraries provides one logical task or logical function that can be used as part of pipelines to solve a use-case or a logical problem in cfXOIA.

A few example bots are covered in the following sections to explain each bot's functionality. The users can leverage in pipelines (pipelines section covers more in the later section).

@c:new-block - Start a new block within the pipeline.

Users can use this bot in order to start a new logical section within the pipeline in cfxOIA RDA.

The following code snippet shows a simple pipeline where the '@c:new-block' bot is used to start a new block in the logical flow of a pipeline.

@dm:empty
    --> @dm:addrow d = 'Hello World'
    --> @dm:save name = 'hello-world-pipeline'

    --> @c:new-block
    --> @dm:recall name = 'hello-world-pipeline'

@files:loadfile - Load the file using filename, filetype, and sheet parameters

Users can use this bot in order to load files of various types into the RDA environment. RDA supports the following file types:

1. CSV files

2. Excel files

3. Excel files with sheets

4. JSON files

Note: File type is either csv/json/xlsx. If not specified, it will be derived from the file extension

The following code snippet shows a simple pipeline where the '@files:loadfile' bot is load a file into the RDA environment.

@files:loadfile filename = "hosts.csv"
--> @dm:save name = ' hosts-dataset'

*dm: filter - Apply CFXQL filtering on the data.

This bot is destination filtered. Users can use this bot to filter the data using query (or queries), store the data back in datasets.

The following code snippet shows a simple pipeline where the '*dm: filter' bot' is used to filter the data and query only a few column names from the complete dataset using pipelines as shown below.

@files:loadfile filename = "surveys.csv"
--> @dm:save name = 'cfxdm-basic-filter'
--> *dm:filter * get record_id,plot_id, month,year

Note: Refer to CFXQL documentation for more details on filtering capabilities. Also, refer to AIOPs studio RDA documentation for more details on the usage.

@dm: functions - List of functions available for mapping in 'map' bots

This bot library is very powerful and useful for building simple to complex pipelines. cfxOIA uses these functions to map inbound alerts, incidents, and other dynamic payload data to internal operations (e.g alert enrichment, co-relation, etc.).

The following code snippet shows a simple pipeline where the '@dm: map' bot' is used to map column names to user-defined names as shown in the below code snipped (e.g. a new label column is added to the dataset off-of ip_address, hostname using @dm: map bot. In case if the value in one of the two columns is not available, the @dm: map function within the pipeline is instructed to substitute, 'No Label'.

@dm:empty
    --> @dm:addrow ip_address = '10.10.1.1' & hostname = 'host-1-1' & id = 'a1'
    --> @dm:addrow ip_address = '10.10.1.2' & id = 'a2'
    --> @dm:addrow hostname = 'host-1-4' & id = 'a4'
    --> @dm:addrow  id = 'a5'
    --> @dm:map from = 'ip_address,hostname' & to = 'label' & func = 'any_non_null' & default = 'No Label'

In addition to the above-explained bots (bot libraries), there are various bot libraries that are provided as part of cfxOIA RDA functionality.

Standalone RDA provides AIOps studio that supports all the above-explained libraries and bots that users can leverage other bot functionalities. Refer to AIOps studio documentation for more details.