Abstract
Advanced example of how to create a filter in Cortex XSOAR.
In this example, we want to see the LastResolved time only from the demisto.com host name.
This is part of the data where we want to filter:
{
  "IP": [
    {
      "Address": "192.168.10.96",
      "AutoFocus": {
        "Resolutions": [
          { "Hostname": "79463wwfqq,dattolocal.net", "LastResolved": "2022-08-02 04:01:02" },
          { "Hostname": "demisto.com", "LastResolved": "2022-09-10 09:47:17" },
          { "Hostname": "securesense.call4pchelp.com", "LastResolved": "2022-04-22 11:49:06" }
        ]
      }
    },
    {
      "Address": "192.168.10.96",
      "AutoFocus": {
        "Resolutions": [
          { "Hostname": "79463wwfqq,dattolocal.net", "LastResolved": "2022-08-02 04:01:02" },
          { "Hostname": "demisto.com", "LastResolved": "2022-09-10 09:47:17" },
          { "Hostname": "securesense.call4pchelp.com", "LastResolved": "2022-04-22 11:49:06" }
        ]
      }
    }
  ]
}
From the Filters & transformers window, in the Get field, type IP.AutoFocus.Resolutions.LastResolved.
In the Filter section, click Add filter.
Cortex XSOAR automatically calculates that the context root to filter is IP.AutoFocus.Resolutions.
In the left-hand side, add Hostname to the filter.
Select →
In the right-hand side, add demisto.com.
Click the checkbox to save.
Click Test.
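The selection this filter performs can be reproduced outside the product to check what Test should return. The following Python sketch is an added example, not Cortex XSOAR code: the helper names walk and get_filtered are hypothetical, the comparison is assumed to be an exact string match, and the second IP entry in the sample is constructed to show an indicator with no AutoFocus data.

```python
import json

# First entry is the page's sample data; the second entry is constructed
# (no AutoFocus key) to show that missing branches are skipped, not errors.
CONTEXT = json.loads("""
{"IP": [
  {"Address": "192.168.10.96", "AutoFocus": {"Resolutions": [
    {"Hostname": "79463wwfqq,dattolocal.net", "LastResolved": "2022-08-02 04:01:02"},
    {"Hostname": "demisto.com", "LastResolved": "2022-09-10 09:47:17"},
    {"Hostname": "securesense.call4pchelp.com", "LastResolved": "2022-04-22 11:49:06"}
  ]}},
  {"Address": "192.0.2.10"}
]}
""")


def walk(node, keys):
    """Yield every value reached by following keys, fanning out over lists."""
    if isinstance(node, list):
        for item in node:
            yield from walk(item, keys)
    elif not keys:
        yield node
    elif isinstance(node, dict) and keys[0] in node:
        yield from walk(node[keys[0]], keys[1:])


def get_filtered(context, get_path, root_path, left, right):
    """Apply 'left equals right' to each item under root_path, then return
    the rest of get_path from the items that matched (assumed semantics)."""
    root, keys = root_path.split("."), get_path.split(".")
    if keys[:len(root)] != root:
        raise ValueError("filter root must be a prefix of the Get path")
    tail = keys[len(root):]
    matches = []
    for item in walk(context, root):
        # The filter is evaluated per Resolutions entry, not per IP.
        if isinstance(item, dict) and item.get(left) == right:
            matches.extend(walk(item, tail))
    return matches


if __name__ == "__main__":
    print(get_filtered(CONTEXT, "IP.AutoFocus.Resolutions.LastResolved",
                       "IP.AutoFocus.Resolutions", "Hostname", "demisto.com"))
```

Because the filter is applied at the IP.AutoFocus.Resolutions root, each resolution entry is tested on its own, so only the timestamp paired with the matching host name is returned.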