Filters and Transformers

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.10
Creation date: 2022-10-13
Last date published: 2024-03-28
End_of_Life: EoL
Category: Administrator Guide
Abstract

Use filters and transformers to manipulate data in Cortex XSOAR. Use filters and transformers in playbook tasks or when mapping an instance.

In Cortex XSOAR, data is extracted and collected from various sources, such as playbook tasks, command results, and fetched incidents, and presented in JSON format. The data can be manipulated by using filters and transformers. You can add filters and transformers in a playbook task or when mapping an instance.

Filters

Creating filters enables you to extract relevant data, which you can use elsewhere in Cortex XSOAR. For example, if an incident has several files with varying file types and extensions, you can filter the files by file extension or file type, and use the filtered files in a detonation playbook.

You can filter as many objects as required. Cortex XSOAR automatically calculates the context root to which to filter. You can change the context root, as necessary.

Transformers

Creating transformers enables you to take one value and transform or render it to another value. For example, you can convert a date in non-Unix format to Unix format. Another example is applying the count transformer, which renders the number of elements.

When you have more than one transformer, they apply in the order that they appear. You can reorder them using click-and-drag.
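The following added example is a plain-Python model of the behavior described above, not Cortex XSOAR code or its API: it filters file objects by extension, converts a date to Unix format, and shows that reordering transformers changes the result. The sample data, the field names, and the `unique` helper are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data, shaped like file objects in an incident's JSON context.
FILES = [
    {"Name": "invoice.docm", "Extension": "docm", "Created": "2022-10-13 08:00:00"},
    {"Name": "logo.png", "Extension": "png", "Created": "2022-10-13 08:05:00"},
    {"Name": "setup.exe", "Extension": "exe", "Created": "2022-10-13 08:10:00"},
    {"Name": "update.exe", "Extension": "exe", "Created": "2022-10-13 08:15:00"},
]

def filter_by_extension(files, allowed):
    """Filter: keep only file objects whose extension is in the allowed set."""
    return [f for f in files if f.get("Extension", "").lower() in allowed]

def to_unix(value):
    """Transformer: convert a 'YYYY-MM-DD HH:MM:SS' UTC date string to Unix time."""
    parsed = datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())

def unique(value):
    """Transformer (hypothetical helper): drop duplicates, keeping first-seen order."""
    return list(dict.fromkeys(value)) if isinstance(value, list) else value

def count(value):
    """Transformer: render the number of elements (a scalar counts as one)."""
    return len(value) if isinstance(value, list) else 1

def apply_transformers(value, transformers):
    """Apply each transformer to the output of the previous one, in list order."""
    for transform in transformers:
        value = transform(value)
    return value

def demo():
    # Files selected for a detonation step: document and executable types only.
    candidates = filter_by_extension(FILES, {"docm", "exe"})
    extensions = [f["Extension"] for f in candidates]
    return {
        "names": [f["Name"] for f in candidates],
        "first_created_unix": apply_transformers(candidates[0]["Created"], [to_unix]),
        # Same two transformers, different order, different result.
        "unique_then_count": apply_transformers(extensions, [unique, count]),
        "count_then_unique": apply_transformers(extensions, [count, unique]),
    }

if __name__ == "__main__":
    print(demo())
```

Swapping the two transformers changes the rendered value because `count` collapses the list to a single number before `unique` can remove the duplicate extension.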