Alert Field Types - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

When creating alert fields, you can add field types, such as boolean, date picker, and grid (table).

You can create the following types of alert fields. Each field type is listed with its description.

Boolean

True or False

  • Incoming values 0, false, and False are treated as False.

  • Incoming values true, True, or any number besides 0 are treated as True.

  • Other values are treated as null.

Date picker

Adds the date to the field.

Supported time formats for validation are ISO 8601 and Epoch. Other values are treated as null.

Note

You cannot set filters, starring rules, playbook triggers, layout rules, or alert exclusions based on the values in custom timestamp fields.
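The Boolean and Date picker coercion rules described above decide whether a value from a data source lands as True/False, a date, or null. The following Python is an added example, not Cortex XSIAM code, that applies those rules to raw values so you can check how an incoming alert will be stored before you map its fields. The `normalize_fields` helper, its `schema` map, the constructed sample alert, and the seconds-versus-milliseconds epoch heuristic are assumptions for illustration; the page does not specify which epoch unit the platform expects.

```python
from datetime import datetime, timezone
from typing import Any, Dict, Optional


def coerce_boolean(value: Any) -> Optional[bool]:
    """Apply the page's Boolean field rules to one incoming value.

    0, false, False             -> False
    true, True, non-zero number -> True
    anything else               -> None (stored as null)
    """
    if isinstance(value, bool):          # bool is an int subclass: check it first
        return value
    if isinstance(value, (int, float)):
        return value != 0
    if isinstance(value, str):
        # Assumption: the listed spellings are matched exactly, so "TRUE", "yes"
        # and " true " are not recognised and fall through to null.
        if value in ("0", "false", "False"):
            return False
        if value in ("true", "True"):
            return True
    return None


def _from_epoch(n: float) -> Optional[datetime]:
    """Epoch -> aware UTC datetime.

    Assumption: the page says "Epoch" without naming a unit, so values of 13 or
    more digits are read as milliseconds and shorter ones as seconds.
    """
    if abs(n) >= 10 ** 11:
        n = n / 1000
    try:
        return datetime.fromtimestamp(n, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None


def coerce_timestamp(value: Any) -> Optional[datetime]:
    """Apply the page's Date picker rules: ISO 8601 or Epoch, otherwise null."""
    if isinstance(value, bool):          # True/False are not dates
        return None
    if isinstance(value, (int, float)):
        return _from_epoch(value)
    if isinstance(value, str):
        s = value.strip()
        if s.lstrip("-").isdigit():      # epoch carried as a digit string
            return _from_epoch(int(s))
        if s.endswith("Z"):              # fromisoformat() rejects "Z" before 3.11
            s = s[:-1] + "+00:00"
        try:
            parsed = datetime.fromisoformat(s)
        except ValueError:
            return None
        if parsed.tzinfo is None:        # assumption: naive ISO values are UTC
            parsed = parsed.replace(tzinfo=timezone.utc)
        return parsed.astimezone(timezone.utc)
    return None


COERCERS = {"boolean": coerce_boolean, "date": coerce_timestamp}


def normalize_fields(raw: Dict[str, Any], schema: Dict[str, str]) -> Dict[str, Any]:
    """Run every field named in `schema` through the coercer for its type.

    `schema` is a hypothetical name->type map standing in for the custom alert
    field definitions; fields not in the schema are passed through untouched.
    """
    out = dict(raw)
    for name, ftype in schema.items():
        if name in raw:
            out[name] = COERCERS[ftype](raw[name])
    return out


# Constructed sample alert, not real product output.
SAMPLE_ALERT = {
    "is_blocked": "false",                   # -> False
    "confirmed": 1,                          # -> True
    "seen_before": "yes",                    # -> None: not a listed spelling
    "first_seen": "2024-02-26T10:15:00Z",    # ISO 8601 -> 2024-02-26 10:15 UTC
    "last_seen": 1708942500000,              # epoch ms -> the same instant
    "closed_at": "yesterday",                # -> None: neither ISO 8601 nor epoch
}
SAMPLE_SCHEMA = {
    "is_blocked": "boolean", "confirmed": "boolean", "seen_before": "boolean",
    "first_seen": "date", "last_seen": "date", "closed_at": "date",
}

if __name__ == "__main__":
    for name, value in normalize_fields(SAMPLE_ALERT, SAMPLE_SCHEMA).items():
        print(f"{name:12} {value!r}")
```

The practical point is the null fall-through: a source that emits "yes"/"no" for a Boolean field, or a free-text date, silently produces null in the alert, so normalize such values in the integration or mapping before they reach the field.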

Grid (table)

Include an interactive, editable grid as a field. For details, see Create a Grid Field.

Note

When a grid field is shown in the Alerts table, its values are not displayed in the table. Instead, the column shows Data Available.

HTML

Create and view HTML content.

Note

When an HTML field is shown in the Alerts table, its value is not displayed in the table. Instead, the column shows Data Available.

Long text

  • Long text is analyzed and tokenized, and entries are indexed as individual words, enabling you to perform advanced searches and use wildcards.

  • Long text fields cannot be sorted and cannot be used in graphical dashboard widgets.

  • While editing a long text field, pressing Enter creates a new line. Long text fields are case insensitive.

Markdown

Add markdown-formatted text as a Template which is displayed to users in the field. Markdown lets you add basic formatting to text to provide a better end-user experience.

Note

When a Markdown field is shown in the Alerts table, its value is not displayed in the table. Instead, the column shows Data Available.

Multi select / Array

Includes two options:

  • Multi select from a pre-filled list.

  • An empty array field for the user to add one or more values as a comma-separated list.

In the Basic Settings section, enter a comma-separated list of values.

Number

Can contain any number. Default is 0.

Short Text

  • Short text is treated as a single unit of text, and is not indexed by word. Advanced search, including wildcards, is not supported.

  • Short text fields are case insensitive.

  • While editing a short text field, pressing Enter saves and closes the field.

  • Recommended for single-token entries such as a username or an email address.

Single select

Select one from a list of options. Add a list of comma-separated values. By default, the first value is used, unless the checkbox for Use first as default is cleared.

Timer

Timer fields enable you to view how much time has passed since the timer was started and how much time remains until the timer times out. You can also configure a script to run when a timer times out.

URL

Contains a URL.