Functions - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide

Abstract: Learn more about the functions that can be used with Cortex Query Language (XQL) stages in Cortex XDR.

Some Cortex Query Language (XQL) stages can call XQL functions to convert data to a desired format. For example, the current_time() function returns the current timestamp, while the extract_time() function can extract the hour from a timestamp. Some functions take input parameters and others do not. The filter and alter stages are the two stages that can use functions for data transformations.
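The query below is an added example, not taken from the Cortex XDR documentation, showing functions called from both the filter and alter stages to list process executions that happened outside working hours in the last day. It assumes the xdr_data dataset with the fields _time, event_type, agent_hostname, actor_effective_username and action_process_image_name; the field name event_hour and the hour thresholds are chosen for illustration.

```xql
// Added example: dataset and field names are assumptions about the tenant.
dataset = xdr_data
// filter stage calling functions: keep process events from the last 24 hours
| filter event_type = ENUM.PROCESS and timestamp_diff(current_time(), _time, "HOUR") < 24
// alter stage calling a function: add a field holding the hour of each event
| alter event_hour = extract_time(_time, "HOUR")
// keep only events before 06:00 or from 22:00 onward (illustrative thresholds)
| filter event_hour < 6 or event_hour >= 22
| fields _time, event_hour, agent_hostname, actor_effective_username, action_process_image_name
| sort desc _time
```

current_time() takes no input parameters, while extract_time() and timestamp_diff() take the timestamp or timestamps to operate on and the time part to return.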