In this example, we want to see the LastResolved
time only from the demisto.com
host name.
This is part of the data where we want to filter:
{ "IP": [ { "Address": "192.168.10.96", "AutoFocus": { "Resolutions": [ { "Hostname": "79463wwfqq,dattolocal.net", "LastResolved": "2022-08-02 04:01:02" }, { "Hostname": "demisto.com", "LastResolved": "2022-09-10 09:47:17" }, { "Hostname": "securesense.call4pchelp.com", "LastResolved": "2022-04-22 11:49:06" } ] } }, { "Address":"192.168.10.96", "AutoFocus": { "Resolutions":[ { "Hostname":"79463wwfqq,dattolocal.net", "LastResolved":"2022-08-02 04:01:02" }, { "Hostname":"demisto.com", "LastResolved":"2022-09-10 09:47:17" }, { "Hostname":"securesense.call4pchelp.com", "LastResolved":"2022-04-22 11:49:06" } ] } } ] }
From the Filters & transformers window, in the Get field, type
IP.AutoFocus.Resolutions.LastResolve
.In the Filter section, click Add filter.
Cortex XSOAR automatically calculates that the context root to filter is
IP.AutoFocus.Resolutions
.In the left-hand side, add
Hostname
to the filter.Select
→In the right-hand side add
demisto.com
.Click the checkbox to save.
Click Test.