Create a Filter Example - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.10
Creation date
2022-10-13
Last date published
2023-12-06
Category
Administrator Guide

In this example, we want to filter all EWS Item names that have the extension exe.

playbook-context.png
  1. From the Filters & transformers window, in the Get field, type EWS.Items.Name to extract all Item names in EWS.

    Cortex XSOAR calculates that the context root to filter is EWS.Items.

    playbook-ews-filter.png
  2. In the Filter section, click Add filter.

  3. In the left-hand side, add Extension to the filter.

  4. Select Equals (String)ignore case.

  5. In the right-hand side, add exe.

    playbook-filter-ews.png
  6. Click the checkbox to save the filter.

  7. Click Test.

    You can see we have filtered all item names that have the extension exe.

    playbook-test-v6.png