Step: Calculate

Performs math operations on a value in one of the variables in the table data of the package.

Operates on table variable values

Allows Freemarker templates to select values

  • Formula: the actual math you want to perform on one or more of your variable values in your package table.
    • add +
    • subtract -
    • multiply *
    • divide /
    • grouping ( )
    • no exponent operands are supported
    • Order of operations is parentheses first, then processed from left-to-right
    • The value can be a string (text) but only if it is valid to convert it to a number
    • Use Freemarker templates to reference values in the package table. If you will be dealing with numbers over 1,000, add a ?c to the end to remove any comma separators. Examples: ${firstNumber[0]?c} ${secondNumber?c}
  • Trim Decimals from Result: if checked, ignore the numbers after the decimal point and store it as a whole number
  • Output Variable: saves the resulting string into a new variable in the table. If an existing variable name is used, the result will overwrite the original value.

One pattern to track severity or risk inside a playbook is to use a Set Value step to set a variable called riskscore to a value of 0. Later in the playbook, when that number needs to be increased, use the Calculate step as follows:

  • Formula ${riskscore[0][0]}+3
  • Trim: Checked
  • Output Variable: riskscore (replaces the incoming variable value)

Now as the package flows through the steps in the playbook, its internal value of riskscore can go up or down as needed, and can be used by a Value Number Filter (if greater than or equal to 3…) to direct the package to different steps in the playbook.

The value of riskscore can even be added to a graph object by using a Query Package step with a CONSTRUCT statement. (See Windows | Potential Malicious Process Created for an example playbook using this pattern.)

  • step/calculate
  • Last modified: 2018/10/24 23:28