Functions - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2024-10-13
Category: Administrator Guide
Abstract

Learn more about the functions that can be used with Cortex Query Language (XQL) stages in Cortex XSIAM.

Some Cortex Query Language (XQL) stages can call XQL functions to convert data to a desired format. For example, the current_time() function returns the current timestamp, while the extract_time() function can obtain the hour information from a timestamp. Functions may or may not need input parameters. The filter and alter stages are the two stages that can use functions for data transformations.