Cortex XDR XQL comp min aggregate returns the minimum value seen for the field in the result set.
comp min(<field>) [as <alias>] by <field_1>,<field_2>
minaggregation is a comp function that returns the minimum value of an integer field, for all records that contain matching values for the fields identified in the
Return the minimum value of the
action_total_downloadfield for all records that have matching values for their
dataset = xdr_data | fields actor_process_image_path as Process_Path, actor_process_command_line as Process_CMD, action_total_download as Download | filter Download > 0 | comp min(Download) as min_download by Process_Path, Process_CMD
Recommended For You
Recommended videos not found.