Supported Operators

Cortex XDR XQL supports specific comparison, boolean, and set operators.
The comparison, boolean, and string and range operators that you can use with XQL queries are described below.

Comparison Operators

Operator    Description
=, !=       Equal, Not equal
<, <=       Less than, Less than or equal to
>, >=       Greater than, Greater than or equal to

Boolean Operators

Operator    Description
and         Boolean and
or          Boolean or

String and Range Operators

Operator                  Description
IN, NOT IN                Returns true if the field value is in the specified range, inclusive. For example:
                          action_local_port in(5900,5999)
CONTAINS, NOT CONTAINS    Performs a substring search. Returns true if the specified string is contained in the field. For example:
                          lowercase(actor_process_image_name) contains "psexec"
~=                        Matches a regular expression. For example:
                          action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
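
The following is an added example, not part of the Cortex XDR documentation: it runs the regular expression from the ~= example over constructed image names to show which double-extension names the pattern catches as written, and which are caught only after lowercasing, as the contains example does with lowercase(). Python's re module stands in for the XQL regex engine here, so case handling and whether a match must cover the whole value are assumptions to confirm against your tenant.

```python
import re

# Pattern copied verbatim from the ~= example above.
DOUBLE_EXT = re.compile(r".*?\.(?:pdf|docx)\.exe")

# Constructed sample image names (not real telemetry).
SAMPLES = [
    "invoice.pdf.exe",       # classic document-lookalike executable
    "Report.DOCX.EXE",       # same trick, upper-case extensions
    "resume.docx.exe.bak",   # pattern occurs mid-string only
    "notes.pdf",             # genuine document, must not match
    "setup.exe",             # ordinary executable, must not match
    "pdf.exe",               # no dot before "pdf", must not match
]


def matches(name, normalize=False, anchored=False):
    """Return True if name matches the double-extension pattern.

    normalize: lowercase the value first (mirrors lowercase() in the
               contains example).
    anchored:  require the pattern to cover the whole value (fullmatch)
               instead of matching anywhere in it (search). Which of the
               two an engine applies is an assumption to verify.
    """
    candidate = name.lower() if normalize else name
    if anchored:
        return DOUBLE_EXT.fullmatch(candidate) is not None
    return DOUBLE_EXT.search(candidate) is not None


def triage(names):
    """Return (name, raw, lowercased, lowercased_and_anchored) per name."""
    return [
        (n,
         matches(n),
         matches(n, normalize=True),
         matches(n, normalize=True, anchored=True))
        for n in names
    ]


if __name__ == "__main__":
    print(f"{'image name':<22}{'raw':<7}{'lower':<7}{'lower+anchored'}")
    for name, raw, lowered, strict in triage(SAMPLES):
        print(f"{name:<22}{raw!s:<7}{lowered!s:<7}{strict}")
```

Names that differ between the columns are the ones to check in a test query before relying on the rule for detection.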
