object_create - Reference Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR XQL Language Reference

Product
Cortex XDR
Creation date
2024-02-26
Last date published
2024-05-21
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language object_create() function.

Syntax

object_create ("<key1>", "<value1>", "<key2>", "<value2>",...)

Description

The object_create() function returns an object based on the given parameters defined for the key and value pairs. Accepts n > 1 even number of parameters.

Example

Returns a final object to a field called a that contains the key and value pair {“2”:“password”}, where the "password" value is comprised by joining 2 values together.

dataset = xdr_data
| alter a = object_create("2", concat("pass", "word"))
| fields a