Reference: Action Filters

You can form the search query using the filters we provide to refine the search for actions.

action.name

Use quotes or backticks within values to find actions with a certain name.

Examples

Find actions with name

action.name: Post to Slack Channel

Find actions that contain parts of the name

action.name: "Post to Slack Channel"

Find actions that match exact value

action.name: `Post to Slack Channel`

action.description

Use quotes or backticks within values to find actions with a certain description.

Examples

Find actions with description

action.description: creates alert by posting to slack channel

Find actions that contain parts of the description

action.description: "creates alert by posting to slack channel"

Find actions that match exact value

action.description: `creates alert by posting to slack channel`

action.type

Use a text value to find actions of a certain type (Email, Slack or PagerDuty).

Example

Find actions of type

action.type: SLACK

action.createdBy

Use quotes or backticks within values to find actions created by a certain user.

Examples

Find actions created by user

action.createdBy: Joe Smith

Find actions that contain parts of the user name

action.createdBy: "Joe Smith"

Find actions that match exact value

action.createdBy: `Joe Smith`

action.createdById

Use quotes or backticks within values to find actions created by a certain user ID.

Examples

Find actions created by user ID

action.createdById: jsmith

Find actions that contain parts of the user ID

action.createdById: "jsmith"

Find actions that match exact value

action.createdById: `jsmith`

action.updatedBy

Use quotes or backticks within values to find actions updated by a certain user.

Examples

Find actions updated by user

action.updatedBy: Joe Smith

Find actions that contain parts of the user name

action.updatedBy: "Joe Smith"

Find actions that match exact value

action.updatedBy: `Joe Smith`

action.updatedById

Use quotes or backticks within values to find actions updated by a certain user ID.

Examples

Find actions updated by user ID

action.updatedById: jsmith

Find actions that contain parts of the user ID

action.updatedById: "jsmith"

Find actions that match exact value

action.updatedById: `jsmith`

action.active

Use an integer value to find actions with a certain number of active rules.

Examples

Find action with 3 active rules

action.active : 3

Find action with more than 3 active rules

action.active > 3

action.disabled

Use an integer value to find actions with a certain number of disabled rules.

Examples

Find action with 3 disabled rules

action.disabled : 3

Find action with more than 3 disabled rules

action.disabled > 3

action.createdDate

Use a date range or specific date to find when actions were created.

Examples

Show actions created within certain dates

action.createdDate: [2018-02-01 ... 2018-02-12]

Show actions created starting 2018-02-01, ending 1 month ago

action.createdDate: [2018-02-01 ... now-1M]

Show actions created starting 2 weeks ago, ending 1 second ago

action.createdDate: [now-2w ... now-1s]

Show actions created on certain date

action.createdDate:'2018-02-22'

action.updatedDate

Use a date range or specific date to find when actions were last modified.

Examples

Show actions updated within certain dates

action.updatedDate: [2018-02-01 ... 2018-02-12]

Show actions updated starting 2018-02-01, ending 1 month ago

action.updatedDate: [2018-02-01 ... now-1M]

Show actions updated starting 2 weeks ago, ending 1 second ago

action.updatedDate: [now-2w ... now-1s]

Show actions updated on certain date

action.updatedDate:'2018-02-22'

action.emailRecipient

Use quotes or backticks within values to find actions with certain email recipients.

Examples

Find actions with email recipient

action.emailRecipient: secops-alert@mycompany.com

Find actions that contain parts of the email recipient

action.emailRecipient: "secops-alert@mycompany.com"

Find actions that match exact value

action.emailRecipient: `secops-alert@mycompany.com`

action.subject

Use quotes or backticks within values to find actions with certain text in the subject (email or PagerDuty subject).

Examples

Find actions with subject

action.subject: warning

Find actions that contain parts of the subject

action.subject: "warning"

Find actions that match exact value

action.subject: `warning`

action.slackChannel

Use quotes or backticks within values to find actions with a certain Slack channel name.

Examples

Find actions with Slack channel

action.slackChannel: Sec Ops

Find actions that contain parts of the Slack channel name

action.slackChannel: "Sec Ops"

Find actions that match exact value

action.slackChannel: `Sec Ops`

action.slackWebhookUri

Use quotes or backticks within values to find actions with a certain Slack Webhook URI.

Examples

Find actions with Slack Webhook URI

action.slackWebhookUri: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

Find actions that contain parts of the Slack Webhook URI

action.slackWebhookUri: "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"

Find actions that match exact value

action.slackWebhookUri: `https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX`

action.pagerdutyServiceKey

Use quotes or backticks within values to find actions with a certain PagerDuty service key.

Examples

Find actions with PagerDuty service key

action.pagerdutyServiceKey: 78c52868deb562fcbad765275da

Find actions that contain parts of the PagerDuty service key

action.pagerdutyServiceKey: "78c52868deb562fcbad765275da"

Find actions that match exact value

action.pagerdutyServiceKey: `78c52868deb562fcbad765275da`