Abstract
Example of how to create a filter in Cortex XSIAM. Filter all EWS Item names with a particular extension. filters object transformers playbooks
In this example, we want to filter all EWS Item names that have the extension exe
.
From the Filters & transformers window, in the Get field, type
EWS.Items.Name
to extract all Item names in EWS.calculates that the context root to filter is
EWS,Items
.In the Filter section, click Add filter.
In the left-hand side, add
Extension
to the filter.Select
→ .In the right-hand side add
exe
.Click the tick box to save the filter.
Click Test.
You should see Item names are filtered with the extension
exe
.