Enrichment Lists

Running searches is often a very static experience. Users search for keywords or phrases that they already know in order to return specific results.

Sometimes the data that users want to see is more dynamic and changes often. For example, an administrator may need to review log messages that are sourced from or destined for any IP address that is part of the international blacklist. Because this list changes and most administrators do not know its contents, it is difficult to create a query that collects the right information. Using a dynamic list, the administrator can reference this changing list in any saved query to get accurate results.

LogLogic LMI provides a few built-in Enrichment Lists. Users can also create their own, if required. To create Enrichment Lists by using configuration files, you must have administrator privileges and must log in using the toor account. All types of users can create Enrichment Lists from the GUI.

However, all types of users can delete and modify Enrichment Lists only from the GUI.

For instructions on how to create or modify an Enrichment List by using the GUI, see Enrichment Lists.

Note: This feature is available only if Advanced Features is enabled by using the Enable Advanced Features option in General Settings.