In this example, we want to see the LastResolved time only from the demisto.com host name.
This is part of the data where we want to filter:
{
"IP": [
{
"Address": "192.168.10.96",
"AutoFocus": {
"Resolutions": [
{
"Hostname": "79463wwfqq,dattolocal.net",
"LastResolved": "2022-08-02 04:01:02"
},
{
"Hostname": "demisto.com",
"LastResolved": "2022-09-10 09:47:17"
},
{
"Hostname": "securesense.call4pchelp.com",
"LastResolved": "2022-04-22 11:49:06"
}
]
}
},
{
"Address":"192.168.10.96",
"AutoFocus": {
"Resolutions":[
{
"Hostname":"79463wwfqq,dattolocal.net",
"LastResolved":"2022-08-02 04:01:02"
},
{
"Hostname":"demisto.com",
"LastResolved":"2022-09-10 09:47:17"
},
{
"Hostname":"securesense.call4pchelp.com",
"LastResolved":"2022-04-22 11:49:06"
}
]
}
}
]
}From the Filters & transformers window, in the Get field, type
IP.AutoFocus.Resolutions.LastResolve.
In the Filter section, click Add filter.
Cortex XSOAR automatically calculates that the context root to filter is
IP.AutoFocus.Resolutions.
In the left-hand side, add
Hostnameto the filter.Select →
In the right-hand side add
demisto.com.Click the checkbox to save.
Click Test.
