Create a Filter Example - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Example of how to create a filter in Cortex XSOAR. Filter all EWS Item names with a particular extension. filters objects transformers playbooks

In this example, we want to filter all EWS Item names that have the extension exe.

playbook-context.png
  1. From the Filters & transformers window, in the Get field, type EWS.Items.Name to extract all Item names in EWS.

    Cortex XSOAR calculates that the context root to filter is EWS.Items.

    playbook-ews-filter.png
  2. In the Filter section, click Add filter.

  3. In the left-hand side, add Extension to the filter.

  4. Select Equals (String) → ignore case.

  5. In the right-hand side add exe.

    playbook-filter-ews.png
  6. Click the tick box to save the filter.

  7. Click Test.

    You can see we have filtered all Item names that have the extension exe.

    playbook-test-v6.png