Context Operations Using Analytics Rule Syntax

Evaluate and retrieve data from context tables using analytics rule syntax.

| Function | Description | Returned Value | Examples |
| --- | --- | --- | --- |
| `ContextListContains("table", value)` | Checks whether the context table `table` contains `value`. Returns false if the context table doesn't exist or is unsupported. | Boolean | `ContextListContains("CompanyNames", Exabeam)` returns true if Exabeam exists in the CompanyNames context table. `ContextListContains('SuspiciousDomains', getDomainFromURL(url))` returns true if `url` is http://malicious.com/phishing and the domain malicious.com is in the SuspiciousDomains context table. |
| `GetContextAttribute("table", "key", "attribute")` | Retrieves `attribute` from context table `table` using `key`. `key` and `attribute` must be CIM 2.0 fields. | Value of `attribute` | `GetContextAttribute("AD Table", user, "email address")` returns the email address for the user entity associated with the event. |
| `GetDynamicContextAttribute(key, attribute)` | COMING SOON | COMING SOON | COMING SOON |
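The following Python model is an added example, not product code or analytics rule syntax. It shows what the documented "returns false if the context table doesn't exist" behavior means for a blocklist-style rule and for an allowlist-style rule that negates the lookup. The table contents, the `ApprovedDomains` table, the helper names, the assumption that a rule can negate the result, and the `get_domain_from_url` stand-in for `getDomainFromURL` are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample context tables (table name -> set of values); not real data.
CONTEXT_TABLES = {
    "SuspiciousDomains": {"malicious.com"},
    "ApprovedDomains": {"example.org"},  # hypothetical table, not from the page
}

def get_domain_from_url(url):
    """Assumed stand-in for getDomainFromURL: host part of the URL, lower-cased."""
    return (urlsplit(url).hostname or "").lower()

def context_list_contains(tables, table, value):
    """Model of ContextListContains: a missing table yields False, not an error."""
    return table in tables and value in tables[table]

def blocklist_rule(tables, url):
    """Fires when the URL's domain is in SuspiciousDomains."""
    domain = get_domain_from_url(url)
    return context_list_contains(tables, "SuspiciousDomains", domain)

def allowlist_rule(tables, url):
    """Fires when the URL's domain is NOT in ApprovedDomains (negated lookup)."""
    domain = get_domain_from_url(url)
    return not context_list_contains(tables, "ApprovedDomains", domain)

def evaluate(tables, urls):
    """Return {url: (blocklist_fired, allowlist_fired)} for each URL."""
    return {u: (blocklist_rule(tables, u), allowlist_rule(tables, u)) for u in urls}

# Constructed sample events.
URLS = ["http://malicious.com/phishing", "https://example.org/login"]

if __name__ == "__main__":
    for label, tables in (("tables present", CONTEXT_TABLES), ("tables missing", {})):
        print(label)
        for url, (blocked, unapproved) in evaluate(tables, URLS).items():
            print(f"  {url}: blocklist={blocked} allowlist={unapproved}")
```

With the tables missing, the blocklist-style rule never fires and the negated allowlist-style rule fires on every event, so a renamed or deleted context table changes detection coverage without raising any error.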