Create Custom Filter and Transformer Operators - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2024-03-28
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create a custom filter or transformer in Cortex XSOAR.

If you require a filter or transformer operator that is not provided out of the box, you can create your own by creating a script and then adding to the operators window.

  1. Select Automation → New Automation.

  2. Type a meaningful name for the Automation script, and click Save.

  3. To create a filter operator script, do the following:

    1. In the Tags field, add the filter tag.

      If you want a custom transformer that operates on an entire array rather than on each individual item, you need to add the entirelist tag.

    2. In the Arguments section, add the following arguments:

      Argument

      Description

      left

      Mark as mandatory. This argument defines the left-side value of the transformer operation. In this example, this is the value being checked if it falls within the range specified in the right-side value.

      right

      Mark as mandatory. This argument defines the right-side value of the transformer operation. In this example, this is the range to check if the left-side value is in.

      playbook-automation.png
    3. Add the script syntax and save.

  4. To create a transformer operator script do the following:

    1. In the Tags field, add the transformer tag.

    2. In the Arguments section, add the following arguments:

      Argument

      Description

      value

      Mark as mandatory. The value to transform. In this example, this is the UNIX epoch timestamp to convert to ISO format.

      playbook-automation-tran.png
    3. Add the script syntax and save.

  5. Go to the filters and transformers window and select the operator.

    playbook-operator.png