Create a Filter Example - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-09-18
Last date published
2024-10-31
Category
Administrator Guide
Solution
Cloud
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation
Abstract

Example of how to create a filter in Cortex XSOAR . Filter all EWS Item names with a particular extension.

In this example, we want to filter all EWS Item names that have the extension exe.

playbook-context.png
  1. From the Filters & transformers window, in the Get field, type EWS.Items.Name to extract all Item names in EWS.

    Cortex XSOAR calculates that the context root to filter is EWS.Items.

    playbook-ews-filter.png
  2. In the Filter section, click Add filter.

  3. In the left-hand side, add Extension to the filter.

  4. Select Equals (String) → ignore case.

  5. In the right-hand side, add exe.

    playbook-filter-ews.png
  6. Click the checkbox to save the filter.

  7. Click Test.

    You can see we have filtered all item names that have the extension exe.

    playbook-test-v6.png