In Cortex XSOAR, data is extracted and collected from various sources, such as playbook tasks, command results, and fetched incidents, and presented in JSON format. The data can be manipulated by using filters and transformers. You can add filters and transformers in a playbook task or when mapping an instance.
Creating filters enables you to extract relevant data, which you can use elsewhere in Cortex XSOAR. For example, if an incident has several files with varying file types and extensions, you can filter the files by file extension or file type, and use the filtered files in a detonation playbook.
You can filter as many objects as required. Cortex XSOAR automatically calculates the context root to filter on. You can change the context root as necessary.
Creating transformers enables you to take one value and transform or render it to another value. For example, you can convert a date in non-Unix format to Unix format. Another example is applying the count transformer, which renders the number of elements.
When you have more than one transformer, they apply in the order that they appear. You can reorder them using click-and-drag.
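The following added example, which is not Cortex XSOAR code, models the behavior described above in plain Python: a filter on file extension followed by a chain of transformers applied in order. The context data is constructed, and the function names (filter_files, get_received, to_unix, count, apply_transformers, order_is_valid) are hypothetical stand-ins, not XSOAR built-ins.

```python
from datetime import datetime, timezone

# Constructed sample context data (not real Cortex XSOAR output).
CONTEXT = {"File": [
    {"Name": "invoice.docm", "Extension": "docm", "Received": "2024-03-01T10:15:00Z"},
    {"Name": "logo.png", "Extension": "png", "Received": "2024-03-01T10:15:02Z"},
    {"Name": "setup.exe", "Extension": "exe", "Received": "2024-03-01T10:16:30Z"},
    {"Name": "notes.txt", "Extension": "txt", "Received": "2024-03-01T10:17:00Z"},
]}
DETONATE_EXTENSIONS = {"docm", "exe"}  # assumption: types sent to detonation

def filter_files(context, extensions, root="File"):
    """Filter: keep only the objects under the context root that match."""
    return [f for f in context.get(root, [])
            if f.get("Extension", "").lower() in extensions]

def get_received(files):
    """Transformer: pull one field out of each filtered object."""
    return [f["Received"] for f in files]

def to_unix(dates):
    """Transformer: convert non-Unix (ISO 8601, UTC) dates to Unix time."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return [int(datetime.strptime(d, fmt).replace(tzinfo=timezone.utc).timestamp())
            for d in dates]

def count(values):
    """Transformer: render the number of elements."""
    return len(values)

def apply_transformers(value, transformers):
    """Apply transformers in the order they appear; each feeds the next."""
    for transform in transformers:
        value = transform(value)
    return value

def order_is_valid(value, transformers):
    """Report whether a given ordering can run to completion."""
    try:
        apply_transformers(value, transformers)
        return True
    except TypeError:  # e.g. to_unix receiving the integer produced by count
        return False

if __name__ == "__main__":
    files = filter_files(CONTEXT, DETONATE_EXTENSIONS)
    print([f["Name"] for f in files])
    print(apply_transformers(files, [get_received, to_unix]))
    print(apply_transformers(files, [get_received, to_unix, count]))
    print(order_is_valid(files, [get_received, count, to_unix]))
```

Placing count before to_unix fails because count has already reduced the list to a single number, which is why the order of transformers matters.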