Filter Operators

filters operations
Filters enable you to extract relevant data for use elsewhere in Cortex XSOAR. For example, if an incident has several files with varying file types and extensions, you can filter the files by file extension or file type, and use the filtered files in a detonation playbook.
Note the following:
  • Filters try to cast the transformed value and arguments to the appropriate type. The task fails if casting fails. For example, “a” Equals {“some”: “object”} => Error
  • If the filter's left-side value expects a single item, but receives a list, the filter passes if at least one item meets the requirements. For example, [“a”, “b”, “c”] Equals “b” => true.
  • If the filter's left-side value expects a list, but receives a single item, it converts it to a list with a single item. For example, “a” Contains “a” => True.
  • Some filters are implemented as automations, meaning custom transformers, automation with the filter tag. You can find examples in the automation description. For more information about creating custom filters, Create Custom Filter and Transformer Operators.
  • Filters in conditional tasks do not iterate the items of the root. Instead, they fetch the left-side value and the right-side value, and compares between them.
Filter Categories
  • Boolean
    : Determines whether a Cortex XSOAR field is true or false, or the string representation is true or false.
  • Date
    : Determines whether the left-side time value is earlier than, later than, or the same time as the right-side time value.
    Supported time and date formats:
    Format
    Example
    ANSIC
    Tues Jan _2 15:04:05 2019
    UnixDate
    Tues Jan _2 15:04:05 MST 2019
    RubyDate
    Tues Jan 02 15:04:05 -0700 2019
    RFC822
    02 Jan 19 15:04 MST
    RFC822Z
    02 Jan 19 15:04 -0700 // RFC822 with numeric zone
    RFC850
    Tuesday, 02-Jan-19 15:04:05 MST
    RFC1123
    Tues, 02 Jan 2019 15:04:05 MST
    RFC1123Z
    Tues, 02 Jan 2019 15:04:05 -0700 // RFC1123 with numeric zone
    RFC3339
    2019-01-02T15:04:05Z07:00
    RFC3339Nano
    2019-01-02T15:04:05.999999999Z07:00
    Kitchen
    3.04PM
    Stamp
    Jan _2 15:04:05
    StampMilli
    Jan _2 15:04:05.000
    StampMicro
    Jan _2 15:04:05.000000
    StampNano
    Jan _2 15:04:05.000000000
  • General
    : Includes general filters, such as contains, doesn’t contain, In, empty, etc.
  • String
    : Determines the relationship between the left-side string value and the right-side string value, such as starts with, includes, in list, and so on. The string filter returns partial matches as True.
  • Number
    : Determines the relationship between the left-side number value and the right-side number value, such as equals, greater than, less than, etc.
  • Unknown
    : Miscellaneous filter category.

Recommended For You