Example

Cortex XSIAM Platform APIs

The rule parameter is a JSON-encoded string. Each filter clause specifies a SEARCH_FIELD (a value from this page), a SEARCH_TYPE (comparison operator), and a SEARCH_VALUE.

{
  "filter": {
    "AND": [
      { "SEARCH_FIELD": "xdm.target.host.fqdn", "SEARCH_TYPE": "EQ", "SEARCH_VALUE": "host.example.com" }
    ]
  }
}
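An added example, not taken from the Cortex XSIAM documentation: building the filter above with a JSON serializer and then placing it in a request as a string, so that the value is JSON inside JSON and quotes in a search value cannot break the structure. The helper names, the allowlists (limited to the one field and operator shown here) and the `{"rule": ...}` envelope are assumptions for illustration.

```python
import json

# Assumed allowlists: only the field and operator that appear in the example above.
ALLOWED_FIELDS = {"xdm.target.host.fqdn"}
ALLOWED_TYPES = {"EQ"}


def clause(field, search_type, value):
    """Return one filter clause, rejecting names outside the allowlists."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unsupported SEARCH_FIELD: {field!r}")
    if search_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported SEARCH_TYPE: {search_type!r}")
    return {"SEARCH_FIELD": field, "SEARCH_TYPE": search_type, "SEARCH_VALUE": value}


def build_rule(clauses):
    """Serialize the filter object to the JSON-encoded string the rule parameter expects."""
    clauses = list(clauses)
    if not clauses:
        raise ValueError("at least one clause is required")
    # json.dumps escapes quotes and backslashes in SEARCH_VALUE; never build this by
    # string concatenation.
    return json.dumps({"filter": {"AND": clauses}}, separators=(",", ":"))


def build_body(rule):
    """Wrap the rule string in a hypothetical request body (envelope shape is assumed)."""
    if not isinstance(rule, str):
        raise TypeError("rule must be a JSON-encoded string, not a nested object")
    json.loads(rule)  # fail early if the string is not valid JSON
    return json.dumps({"rule": rule})


if __name__ == "__main__":
    rule = build_rule([clause("xdm.target.host.fqdn", "EQ", "host.example.com")])
    print(rule)
    print(build_body(rule))
```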