Skip to main content Link Search Menu Expand Document (external link)

Processing - use

Table of contents
  • use TableName

Set the current default table to a saved one.

Example:

function  loadDevices()
  load resource FEHxDevice
  let {uuid="_id", ad_common_names, hostname,last_poll_ip,last_poll_timestamp,primary_ip_address, osName="os.product_name"}=f("@FEHxDevice")
end

function loadUniqueDevices()
  load resource FEHxDevice
  let {uuid="_id", ad_common_names, hostname,last_poll_ip,last_poll_timestamp,primary_ip_address, osName="os.product_name"}=f("@FEHxDevice")
  aggregate last_poll_timestamp=max(last_poll_timestamp) by hostname
end

function  loadAgents()
  load resource sentinelOneAgent
  let {uuid, computerName} = f("@sentinelOneAgent")
end

stream  devices=loadDevices()
stream  uniqueDevices=loadUniqueDevices()
join devices on hostname, last_poll_timestamp
export fireeyeHxDevices

stream  agents=loadAgents()
use fireeyeHxDevices
except {hostname="computerName"}=agents

This case is similar to the one in export with three more sentences at the end. Only the last three tables are shown. use fireeyeHxDevices sets the current table, which is supposed to be “agent”, to “fireeyeHxDevices”. Then, the following command (the last sentence) is applied to the table “fireeyeHxDevices”.