Learn R Programming
AnomalyDetection (version 0.1.2)

tabulate_state_vector: Tabulate State Vector

Description

tabulate_state_vector employs a tabulated vector approach to transform security log data into unique counts of data attributes based on time blocks. Taking a contingency table approach, this function separates variables of type character or factor into their unique levels and counts the number of occurrences for those levels within each block. Due to the large number of unique IP address, this function allows for the user to determine how many IP addresses they would like to investigate (takes the top occurrences for IP variables).

Usage

tabulate_state_vector(data, block_length, level_limit = 50, level_keep = 10)

Arguments

data

data

block_length

integer value to divide data by

level_limit

integer value to determine the cutoff for the number of factors in a column to display before being reduced to show the number of levels to keep (default is 50)

level_keep

integer value indicating the top number of factor levels to retain if a column has more than the level limit (default is 10)

Value

A data frame where each row represents one block and the columns count the number of occurrences that character/factor level occurred in that block

Examples

Run this code
# NOT RUN {
tabulate_state_vector(security_logs, 30)

# }

Run the code above in your browser using DataLab