Home
Reference
Find details on the SPL language, toolkits, APIs, commands, and more.
Toolkits
A toolkit is a set of SPL artifacts, which are organized into a package. Toolkits make SPL or native functions and primitive or composite operators reusable across different applications.
Toolkits
Toolkit com.teracloud.streams.cybersecurity 5.0.0

Welcome
Learn about the core capabilities of Teracloud® Streams, its architecture, and key concepts.
Installing
Use this information to install, upgrade, and uninstall the Teracloud® Streams product.
Configuring
Create a basic or an enterprise domain which is a single point for configuring and managing common resources, security, and instances.
Administering
Administer the product by using the Teracloud® Streams graphical user interface, APIs, or the streamtool command-line interface.
Developing
Develop stream applications with the Streams Processing Language (SPL), Java, and Python.
Troubleshooting
Resolve problems with Teracloud® Streams using the troubleshooting tools provided with the product as well as the resources offered by Teracloud Support.
Reference
Find details on the SPL language, toolkits, APIs, commands, and more.
- APIs
  Application programming interfaces (APIs) provide functions that simplify applications development.
- Job configuration overlays
  You can specify or change configuration parameters when you use the submitjob or updateoperators operations. The settings control submission constraints, host constraints and locations, and operator status. Parameters are captured and updated in the configuration JSON file. When you change the values in the job configuration overlay file, the changes override any previously set values.
- Commands
  Teracloud® Streams provides a number of commands you use to perform tasks.
- Operator model
  An operator model is an XML document that describes the basic properties of a primitive operator.
- Streams Processing Language (SPL)
  Streams Processing Language (SPL) is a distributed data flow composition language that is used in Teracloud® Streams. SPL has primitive types, program structures, and definitions that are tailored for streaming data.
- Toolkits
  A toolkit is a set of SPL artifacts, which are organized into a package. Toolkits make SPL or native functions and primitive or composite operators reusable across different applications.
  - Specialized toolkit requirements and restrictions
    Several of the specialized toolkits require RPMs that are not required by the Teracloud® Streams product. There are also toolkit restrictions on some platforms.
  - Toolkits
- SPLDOC markup
  You can use SPLDOC markup in the descriptions associated with the SPL artifacts in a toolkit. The spl-make-doc command generates HTML documentation from the marked up artifacts.
Glossary
Use this glossary to find terms and definitions for Teracloud® Streams.

Toolkit com.teracloud.streams.cybersecurity 5.0.0

General Information

The Cybersecurity Toolkit provides operators that are capable of analyzing DNS response records. The operators in this toolkit use machine learning models to analyze DNS traffic and report on suspicious behaviour.

The DomainProfiling and HostProfiling operators build profiles using windows of DNS response records and reports if the behaviour of a domain or host is suspicious compared to other domains or hosts in the network. The PredictiveBlocklisting operator uses an SPSS model to predict if a domain should be blocklisted.

The toolkit also comes with the BWListTagger operator. The operator loads block and allow lists containing domains and IPs and then tags incoming domains and IPs as either being in the block list or the allow list.

Network Toolkit Requirement

Applications that use the Cybersecurity Toolkit must also add the com.teracloud.streams.network toolkit as a dependency. The Network Toolkit contains operators to ingest and parse DNS traffic.

SPSS Toolkit

In order to use the PredictiveBlocklisting operator, applications must add the com.ibm.spss.streams.analytics as a dependency. This toolkit is available in the IBM SPSS Modeler Solution Publisher product.

Release notes

Version: 5.0.0
Required Product Version: 7.2.0.0

Indexes


Namespaces
Operators
Functions
Types

Namespaces

com.teracloud.streams.cybersecurity.adapters

Operators

QRadarSink

com.teracloud.streams.cybersecurity.analytics

Operators

com.teracloud.streams.cybersecurity.extractors

Operators

PredictiveBlocklistingFE

com.teracloud.streams.cybersecurity.functions

Functions

convertIPv4AddressStringsToNumbers(list<rstring>, list<uint16>)

com.teracloud.streams.cybersecurity.tagging

Operators

BWListTagger

com.teracloud.streams.cybersecurity.types