Enrichment rules in Exposure Analytics
Exposure Analytics can normalize, enrich, and add field values in its inventories. For example, using enrichment rules, Exposure Analytics can normalize the values "Microsoft Windows Server 2003 R2" and "MS Win 2003 Server" between two different data sources.
Each enrichment rule has at least one enrichment rule parameter, which contains input and output fields. The input and output fields represent asset record fields within the inventory. For example, an operating system enrichment rule might specify the os field as an input and then the os and asset_type fields as outputs. The following table provides examples of parameters for this particular enrichment rule:
| input (os) | output (os) | output (asset_type) |
|---|---|---|
| *windows xp* | Windows XP | Workstation |
| *osx 3* | Mac OSX 3 | Workstation |
| Win2016 | Windows 2016 Server | Server |
In this example, Exposure Analytics analyzes the data from the input field, or os, and uses it to do the following:
- Normalize the
osfield values to have consistent outputs - Populate the
asset_typefield values
The os_to_asset_type rule is one of a few known rules available and active by default.
When adding parameters to a predefined rule, you do not need to populate every output field. For example, a rule with an output of os, asset_type, vendor, and product will only enrich the fields that are explicitly specified in the parameter. Leaving vendor and product blank will result in only os and asset_type being enriched. This means that adding a new parameter to an existing rule is often all that is needed, rather than creating an entirely new rule.