Getting to Know Google SecOps: Statistical Functions: Standard Deviation & Variance

We've got more statistical functions for you today! Let's take a look at the functions window.variance and window.stddev, both of which can be used with rules and searches in Google SecOps!


Variance, or mean square difference, is calculated by finding the mean, calculating the difference between each value and the mean, and then squaring each difference, which gets rid of negative numbers. Those squared differences are then summed up. Finally, to get the variance, we divide that sum by the number of values in our dataset. The good news is that the function window.variance does all of that; just provide the field or variable that contains the numeric value.


If you understand how variance is calculated, standard deviation is simple because it's the square root of the variance! Similar to variance, we just need to use the syntax window.stddev followed by the numeric field or variable. 

Measurements like variance and standard deviation can be helpful when looking for outliers because we often assume that datasets have a normal distribution. These outliers would have higher variance and a greater standard deviation from the mean.

Both of these functions assume that the data in the rule or search is being aggregated, which means that there is a match section and the function will be used in the outcome section.
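The calculation described above, worked through in Python as an added example (not from the original post and not Google SecOps code): events are grouped by a key, as a match section would, and variance and standard deviation are computed per group by dividing by the count, as the text describes. The event data, function names and the threshold of 2 are assumptions made up for illustration.

```python
import math
from collections import defaultdict

# Constructed sample events (hostname, bytes sent); not real telemetry.
EVENTS = [
    ("host-a", 100), ("host-a", 120), ("host-a", 80), ("host-a", 100),
    ("host-b", 200), ("host-b", 210), ("host-b", 190), ("host-b", 200),
    ("host-b", 205), ("host-b", 195), ("host-b", 2000),
]

def variance(values):
    """Mean of the squared differences from the mean (divides by the count)."""
    mean = sum(values) / len(values)
    return sum((v - mean) ** 2 for v in values) / len(values)

def stddev(values):
    """Square root of the variance."""
    return math.sqrt(variance(values))

def aggregate(events):
    """Group values by key, the role the match section plays, then compute
    per-group statistics, the role the outcome section plays."""
    groups = defaultdict(list)
    for key, value in events:
        groups[key].append(value)
    return {
        key: {"count": len(vals), "mean": sum(vals) / len(vals),
              "variance": variance(vals), "stddev": stddev(vals)}
        for key, vals in groups.items()
    }

def outliers(events, threshold=2.0):
    """Return (key, value, z) for values more than `threshold` standard
    deviations from their own group's mean."""
    stats = aggregate(events)
    flagged = []
    for key, value in events:
        s = stats[key]
        if s["stddev"] == 0:
            continue  # every value in the group is identical: no spread
        z = (value - s["mean"]) / s["stddev"]
        if abs(z) > threshold:
            flagged.append((key, value, round(z, 2)))
    return flagged

if __name__ == "__main__":
    for host, s in aggregate(EVENTS).items():
        print(host, s)
    print("outliers:", outliers(EVENTS))
```

With the divide-by-count variance used in this example, a single value in a group of n can sit at most sqrt(n-1) standard deviations from the group mean, so groups with five or fewer values never exceed a threshold of 2.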

Follow along in the video below to see how we can apply this function in our searches and rules. 

 

The functions window.stddev and window.variance provide statistical measures that can be applied to datasets in searches and rules. The syntax doesn't get much simpler: we just need a numeric value from an aggregated dataset to calculate the standard deviation and variance. Remember that standard deviation is derived from variance, so you can use one or the other or both.


Check out these additional resources with more information and learning opportunities:
