case_sensitive - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Product: Cortex XSIAM
Creation date: 2024-03-06
Last date published: 2025-01-16
Category: Administrator Guide
Abstract

Learn more about the Cortex Query Language case_sensitive config stage.

Syntax
config case_sensitive = true | false
Description

The case_sensitive configuration determines whether field values are evaluated as case sensitive or case insensitive. The config case_sensitive stage must be added at the beginning of the query. You can also add another config case_sensitive stage when adding a join or union stage to a query.

If you do not provide this stage in your query, the default is false, and case is not considered when evaluating field values.

Examples
config case_sensitive = true 
| dataset = xdr_data 
| fields actor_process_image_name as apin 
| filter apin != NULL and apin contains "python" 
| limit 100