current_time

Cortex XSIAM XQL Language Reference

Product: Cortex XSIAM
Creation date: 2023-10-30
Last date published: 2024-03-27
Category: Reference Guide
Abstract

Learn more about the Cortex Query Language current_time() function that returns the current time as a timestamp.

Syntax

current_time()

Description

The current_time() function returns a timestamp value representing the current time in the format MMM dd YYYY HH:mm:ss, such as Jul 12th 2023 20:51:34.

Example

Returns the events from the xdr_data dataset in the last 24 hours whose actor process started running more than 30 days ago.

dataset = xdr_data
| filter timestamp_diff(current_time(), to_timestamp(actor_process_execution_time, "MILLIS"), "DAY") > 30
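
The following query is an added example, not part of the original reference page. It extends the filter above by storing the process age in a field, so that long-running actor processes can be grouped per host and reviewed oldest first. The field names agent_hostname, actor_process_image_name and event_type, the alias names, and the 100-row limit are assumptions chosen for illustration.

```xql
// Added example: process_age_days, max_age_days and event_count are
// illustrative aliases, not names from the reference page.
dataset = xdr_data
// Assumption: restrict to process events that carry an execution time.
| filter event_type = ENUM.PROCESS and actor_process_execution_time != null
// Compute the age once with current_time() and keep it as a field.
| alter process_age_days = timestamp_diff(current_time(), to_timestamp(actor_process_execution_time, "MILLIS"), "DAY")
// Same 30-day threshold as the example above.
| filter process_age_days > 30
// One row per host and process image, with the oldest age seen.
| comp max(process_age_days) as max_age_days, count(actor_process_image_name) as event_count by agent_hostname, actor_process_image_name
| sort desc max_age_days
| limit 100
```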