AI 助理
备案控制台
官方文档
输入文档关键字查找
首页 云安全中心 操作指南 威胁分析与响应 响应编排 流程组件说明 filter组件

filter组件

更新时间:
产品详情
我的收藏

filter组件主要提供数据过滤功能。

功能描述

动作

描述

使用场景

filter

对某个节点的数据进行过滤。

对某个节点的数据进行过滤,筛选出符合规则的数据。

组件配置示例

本文提供了filter组件各动作的参数配置示例,您可将其作为测试剧本导入。通过可视化流程编辑器,能更直观地了解和测试各动作的配置参数,轻松掌握组件的功能逻辑与使用方式。操作步骤可参考剧本导入

说明

请先将示例数据保存为JSON文件,再导入编辑器中。

示例数据

{
    "cells": [
        {
            "position": {
                "x": -770,
                "y": -170
            },
            "size": {
                "width": 36,
                "height": 36
            },
            "attrs": {
                "body": {
                    "fill": "white",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 2
                },
                "label": {
                    "text": "start",
                    "fontSize": 12,
                    "refX": 0.5,
                    "refY": "100%",
                    "refY2": 4,
                    "textAnchor": "middle",
                    "textVerticalAnchor": "top"
                },
                "path": {
                    "stroke": "#63ba4d"
                }
            },
            "visible": true,
            "shape": "circle",
            "id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
            "zIndex": 1,
            "data": {
                "nodeType": "startEvent",
                "appType": "basic",
                "nodeName": "start",
                "icon": "icon-circle",
                "description": "剧本开始节点,一个剧本必须有且仅有一个开始节点,需为剧本配置输入数据。"
            },
            "markup": [
                {
                    "tagName": "circle",
                    "selector": "body"
                },
                {
                    "tagName": "text",
                    "selector": "label"
                }
            ],
            "isNode": true
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "source": {
                "cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
            },
            "target": {
                "cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
            },
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "vertices": [

            ]
        },
        {
            "position": {
                "x": 80,
                "y": -170
            },
            "size": {
                "width": 36,
                "height": 36
            },
            "attrs": {
                "body": {
                    "fill": "white",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 2
                },
                "path": {
                    "r": 12,
                    "refX": "50%",
                    "refY": "50%",
                    "fill": "#63ba4d",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 4
                },
                "label": {
                    "text": "end",
                    "fontSize": 12,
                    "refX": 0.5,
                    "refY": "100%",
                    "refY2": 4,
                    "textAnchor": "middle",
                    "textVerticalAnchor": "top"
                }
            },
            "visible": true,
            "shape": "circle",
            "id": "317dd1be-2d20-460e-977e-1fc936ffb583",
            "zIndex": 1,
            "data": {
                "nodeType": "endEvent",
                "appType": "basic",
                "nodeName": "end",
                "icon": "icon-radio-off-full",
                "description": "end"
            },
            "markup": [
                {
                    "tagName": "circle",
                    "selector": "body"
                },
                {
                    "tagName": "circle",
                    "selector": "path"
                },
                {
                    "tagName": "text",
                    "selector": "label"
                }
            ],
            "isNode": true
        },
        {
            "position": {
                "x": -380,
                "y": -185
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "filter"
                }
            },
            "shape": "activity",
            "id": "41ac8fbf-0390-4b1c-9d44-b91150a607a3",
            "data": {
                "componentName": "filter",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://img.alicdn.com/imgextra/i3/O1CN01zYP1Bk1msd4DgMiBa_!!6000000005010-55-tps-22-22.svg",
                "ownType": "sys",
                "zIndex": 1,
                "customInput": false,
                "operateType": "general",
                "name": "filter",
                "nodeName": "filter",
                "actionName": "filter",
                "actionDisplayName": "filter",
                "cascaderValue": [
                    {
                        "label": "DataFormat",
                        "value": "${DataFormat}",
                        "children": [
                            {
                                "label": "DataFormat.total_data_with_dup",
                                "name": "DataFormat.total_data_with_dup",
                                "value": "${DataFormat.total_data_with_dup}"
                            },
                            {
                                "label": "DataFormat.datalist.*.name",
                                "name": "DataFormat.datalist.*.name",
                                "value": "${DataFormat.datalist.*.name}"
                            },
                            {
                                "label": "DataFormat.total_exe_successful",
                                "name": "DataFormat.total_exe_successful",
                                "value": "${DataFormat.total_exe_successful}"
                            },
                            {
                                "label": "DataFormat.total_data",
                                "name": "DataFormat.total_data",
                                "value": "${DataFormat.total_data}"
                            },
                            {
                                "label": "DataFormat.total_exe",
                                "name": "DataFormat.total_exe",
                                "value": "${DataFormat.total_exe}"
                            },
                            {
                                "label": "DataFormat.status",
                                "name": "DataFormat.status",
                                "value": "${DataFormat.status}"
                            },
                            {
                                "label": "DataFormat.total_data_successful",
                                "name": "DataFormat.total_data_successful",
                                "value": "${DataFormat.total_data_successful}"
                            }
                        ]
                    }
                ],
                "valueData": {
                    "upstreamNode": "DataFormat",
                    "condition": "{\"condition\":\"AND\",\"rules\":[{\"field\":\"${DataFormat.datalist.*.name}\",\"value\":[\"test1\"],\"match\":\"is\",\"type\":\"string\",\"valueSource\":\"value\"}]}"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "3e5126c8-61ce-4582-9fcd-49e3fca844ea",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
            },
            "target": {
                "cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
            },
            "vertices": [

            ]
        },
        {
            "position": {
                "x": -165,
                "y": -185
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "DataFormat_2"
                }
            },
            "shape": "activity",
            "id": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd",
            "data": {
                "componentName": "DataFormat",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
                "ownType": "sys",
                "zIndex": 1,
                "tenantId": "baba",
                "customInput": false,
                "description": "产生一个新的数据",
                "id": 0,
                "name": "formatdata",
                "operateType": "general",
                "output": [

                ],
                "parameters": [
                    {
                        "dataType": "Complex",
                        "defaultValue": "",
                        "description": "要转换生成的数据",
                        "enDescription": "",
                        "name": "outputFields",
                        "needCascader": false,
                        "required": false,
                        "tags": ""
                    }
                ],
                "riskLevel": 2,
                "nodeName": "DataFormat_2",
                "actionName": "formatdata",
                "actionDisplayName": "formatdata",
                "cascaderValue": [
                    {
                        "label": "filter_1",
                        "value": "${filter_1}",
                        "children": [
                            {
                                "label": "filter_1.failedReason",
                                "name": "filter_1.failedReason",
                                "value": "${filter_1.failedReason}"
                            },
                            {
                                "label": "filter_1.total_exe_successful",
                                "name": "filter_1.total_exe_successful",
                                "value": "${filter_1.total_exe_successful}"
                            },
                            {
                                "label": "filter_1.status",
                                "name": "filter_1.status",
                                "value": "${filter_1.status}"
                            },
                            {
                                "label": "filter_1.filter_total_data_successful",
                                "name": "filter_1.filter_total_data_successful",
                                "value": "${filter_1.filter_total_data_successful}"
                            },
                            {
                                "label": "filter_1.total_data_successful",
                                "name": "filter_1.total_data_successful",
                                "value": "${filter_1.total_data_successful}"
                            },
                            {
                                "label": "filter_1.total_data_with_dup",
                                "name": "filter_1.total_data_with_dup",
                                "value": "${filter_1.total_data_with_dup}"
                            },
                            {
                                "label": "filter_1.filter_total_data",
                                "name": "filter_1.filter_total_data",
                                "value": "${filter_1.filter_total_data}"
                            },
                            {
                                "label": "filter_1.total_data",
                                "name": "filter_1.total_data",
                                "value": "${filter_1.total_data}"
                            },
                            {
                                "label": "filter_1.total_exe",
                                "name": "filter_1.total_exe",
                                "value": "${filter_1.total_exe}"
                            }
                        ]
                    },
                    {
                        "label": "DataFormat",
                        "value": "${DataFormat}",
                        "children": [

                        ]
                    }
                ],
                "valueData": {
                    "outputFields": "[{\"fieldName\":\"name\",\"fieldValue\":\"${filter.datalist.*.name}\"}]"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "b299b622-6607-4284-b05d-aa8339eee601",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
            },
            "target": {
                "cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
            },
            "vertices": [

            ]
        },
        {
            "position": {
                "x": -610,
                "y": -190
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "DataFormat"
                }
            },
            "shape": "activity",
            "id": "c1b02b5a-b343-48c9-8e17-984abf6965ed",
            "data": {
                "componentName": "DataFormat",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
                "ownType": "sys",
                "zIndex": 1,
                "tenantId": "baba",
                "customInput": false,
                "description": "把输入数据转换为JSON类型的。如果是JSONArray,则把所有的数组直接放到datalist中。如果是JSONObject,则作为datalist的一行数据",
                "id": 0,
                "name": "convertToJSON",
                "operateType": "general",
                "parameters": [
                    {
                        "dataType": "Text",
                        "defaultValue": "",
                        "description": "输入数据",
                        "name": "inputData",
                        "needCascader": false,
                        "required": false
                    }
                ],
                "riskLevel": 2,
                "nodeName": "DataFormat",
                "actionName": "convertToJSON",
                "actionDisplayName": "convertToJSON",
                "cascaderValue": [

                ],
                "valueData": {
                    "inputData": "[{\"name\":\"test\"},{\"name\":\"test1\"}]"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "d87ef9c5-9ce1-4a0a-81c3-5bbb1fc22c6a",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
            },
            "target": {
                "cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
            },
            "vertices": [

            ]
        }
    ]
}

filter

将符合条件的数据,传入下个节点。

参数说明

参数

说明

选择节点

要过滤数据的节点。

条件

支持多组合条件,默认为一个条件组。

条件配置说明

SOAR提供了可视化页面来配置filter组件的条件规则,界面说明如下:

image

序号

说明

1-逻辑运算符

AND:所有的条件都要满足。

OR:满足条件之一即可。

重要

逻辑运算符只能决定同一组内部的不同规则的逻辑关系

2-取反开关

对当前组的条件判断取反。

3-增加组内规则

增加组内一条规则,组内多条规则的逻辑关系由左上角1-逻辑运算符决定。

4-增加条件组

单击增加一组筛选条件。

重要

不同组之间的条件固定为AND的关系,不受1-逻辑运算符影响。

5-条件字段

支持输入表达式、常量,通常为前置节点的输出字段。

6-条件判断规则

支持字符串(String)、数字(Number)、观察列表(Dataset)的IN、=等操作。具体说明参考下文filter组件

7-条件值

支持输入表达式、常量。

条件配置示例

image.png

以上图为例,当node节点中namejohnaliceage在 12 到 20 之间(含边界值)将判定为符合条件。

条件判断规则说明

规则名称

规则说明

备注

NOT IN IP Dataset

不在IP观察列表中。

观察列表需要在“云安全中心-威胁分析与响应-接入中心-观察列表”中配置后才可以选择。

IN IP Dataset

IP观察列表中。

NOT IN Dataset

不在观察列表中。

IN Dataset

在观察列表中。

String| 等于

等于。

String| 不等于

不等于。

String| 包含

包含。

示例:abc 包含 bc。

String| 不包含

不包含。

示例:abc 不包含 d。

String| 以此开头

以此开头。

示例:abc 以 ab 开头。

String| 以此结尾

以此结尾。

示例:abc 以 bc结尾。

String| 不以此结尾

不以此结尾。

示例:abc 不以 ab结尾。

String| 正则匹配

正则匹配。

示例:abcabc 匹配 (abc)+。

String| 非正则匹配

非正则匹配。

示例:abab 不匹配 (abc)+。

String| 为空

是空字符串。

空字符串、null、NULL都认为是空字符串。

String| 不为空

不是空字符串。

Number| 等于

等于。

Number| 不等于

不等于。

Number| 大于

大于。

Number| 大于等于

大于等于。

Number| 小于

小于。

Number| 小于等于

小于等于。

Number| 范围

数字条件值是否字在配置范围内。格式为“数值,数值”。

示例:1处于 -1,5的范围。

上一篇:NotifyMessage组件下一篇:ThreatIntelligence组件