IoCExport > Filter

Defines the filtering rules for data to be exported.

Path

IoCExports > IoCExport > Filter

Attributes

This element has the following attributes.

Filter element attributes

Attribute

Description

field

Specifies the name of the field to which filtering rules are applied and /or which must be exported.

You can specify indicator attribute names from the indicator database. For the list of possible names, see section "Working with indicators"

The name can be in a range from 2 to 255 characters in length, must contain only lowercase ASCII characters and cannot begin with a hyphen ('-'), a plus ('+') and an underscore ('_'). The space symbol (' ') and the tab symbol cannot be used. Also, the attribute name cannot contain the following characters: ',', '|', '>', '<', '"', '*', '?', ':', '\', '/'.

This attribute is mandatory.

value

Specifies filtering criteria for the field.

It is allowed to use a %NOW% value (this template is case-insensitive) that contains a current system time and any value that meets the requirements described in the "Working with indicators" section. You may add a number to this value or subtract a number (for example, specify %NOW%-7 for the left boundary and %NOW% for the right boundary).

This attribute is mandatory.

included

Specifies whether the field values must be included in the report file.

If the field values must be included to the report file, the value is true.

If the field values must not be included in the report file, the value is false.

This attribute is mandatory.

output_name

Specifies the name of the field that must contain the values from the exported field.

This attribute is mandatory if the following requirements are met:

  • The value of the IoCExport > create_header attribute is true
  • The value of the Filter > included attribute is true

sort

Specifies the sorting order for field values.

The following values are possible:

  • asc

    Values will be sorted in ascending order.

  • desc

    Values will be sorted in descending order.

    This attribute is optional.

Example

The following is an example of this element.

<Filter field="ioc_type" value="MD5;SHA1" sort="desc" included="false"/>

<Filter field="supplier_name" value="IP Reputation Data Feed" included="true" output_name="feed"/>

<Filter field="supplier_confidence" value="*" included="false"/>

<Filter field="added_timestamp" value="[*;25.12.2019]" sort="asc" included="false"/>

Page top