Create a filter example - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-07-16
Last date published: 2024-11-04
Category: Administrator Guide
Abstract

Example of how to create a filter in Cortex XSIAM. Filter all EWS Item names with a particular extension.

In this example, we want to filter all EWS Item names that have the extension exe.

  1. From the Filters & transformers window, in the Get field, type EWS.Items.Name to extract all Item names in EWS.

    Cortex XSIAM calculates that the context root to filter is EWS.Items.

  2. In the Filter section, click Add filter.

  3. On the left-hand side, add Extension to the filter.

  4. Select Equals (String) → ignore case.

  5. On the right-hand side, add exe.

  6. Click the tick box to save the filter.

  7. Click Test.

    You should see that the Item names are filtered to those with the extension exe.
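
The following Python sketch models what the steps above configure: the filter is evaluated against each entry at the context root (EWS.Items), and only the Name of matching entries is returned. It is an added example, not Cortex XSIAM code. The sample context, the helper names, the assumption that Extension is a key of each item, and deriving the root by dropping the last path segment are all assumptions made for illustration.

```python
# Constructed sample context (not real product output); the field names follow
# the page (EWS.Items.Name, Extension), the values are made up.
SAMPLE_CONTEXT = {"EWS": {"Items": [
    {"Name": "invoice.pdf", "Extension": "pdf"},
    {"Name": "setup.EXE", "Extension": "EXE"},
    {"Name": "update.exe", "Extension": "exe"},
    {"Name": "notes"},  # entry with no Extension key
    {"Name": "exe-report.docx", "Extension": "docx"},
]}}


def split_get_path(get_path):
    """Split 'EWS.Items.Name' into root 'EWS.Items' and leaf 'Name' (assumed rule)."""
    root, _, leaf = get_path.rpartition(".")
    if not root:
        raise ValueError("Get path needs a root and a field, e.g. EWS.Items.Name")
    return root, leaf


def resolve(context, dotted_path):
    """Walk a dotted path through nested dicts; return [] if any key is missing."""
    node = context
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    return node if isinstance(node, list) else [node]


def equals_string_ignore_case(left, right):
    """Model of 'Equals (String)' with ignore case; non-strings never match."""
    return isinstance(left, str) and left.casefold() == right.casefold()


def get_filtered(context, get_path, filter_field, filter_value):
    """Filter entries at the context root on a sibling field, then return the leaf."""
    root, leaf = split_get_path(get_path)
    return [
        item[leaf]
        for item in resolve(context, root)
        if isinstance(item, dict)
        and leaf in item
        and equals_string_ignore_case(item.get(filter_field), filter_value)
    ]


if __name__ == "__main__":
    print(get_filtered(SAMPLE_CONTEXT, "EWS.Items.Name", "Extension", "exe"))
```

Note that the comparison is on the Extension field, not on the text of Name, so an item named exe-report.docx is not returned and an item with no Extension value never matches.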