filter组件-云安全中心(Security Center)-阿里云帮助中心

功能描述

动作	描述	使用场景
filter	对某个节点的数据进行过滤。	对某个节点的数据进行过滤，筛选出符合规则的数据。

组件配置示例

本文提供了filter组件各动作的参数配置示例，您可将其作为测试剧本导入。通过可视化流程编辑器，能更直观地了解和测试各动作的配置参数，轻松掌握组件的功能逻辑与使用方式。操作步骤可参考剧本导入。

说明

请先将示例数据保存为JSON文件，再导入编辑器中。

示例数据

{
    "cells": [
        {
            "position": {
                "x": -770,
                "y": -170
            },
            "size": {
                "width": 36,
                "height": 36
            },
            "attrs": {
                "body": {
                    "fill": "white",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 2
                },
                "label": {
                    "text": "start",
                    "fontSize": 12,
                    "refX": 0.5,
                    "refY": "100%",
                    "refY2": 4,
                    "textAnchor": "middle",
                    "textVerticalAnchor": "top"
                },
                "path": {
                    "stroke": "#63ba4d"
                }
            },
            "visible": true,
            "shape": "circle",
            "id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
            "zIndex": 1,
            "data": {
                "nodeType": "startEvent",
                "appType": "basic",
                "nodeName": "start",
                "icon": "icon-circle",
                "description": "剧本开始节点，一个剧本必须有且仅有一个开始节点，需为剧本配置输入数据。"
            },
            "markup": [
                {
                    "tagName": "circle",
                    "selector": "body"
                },
                {
                    "tagName": "text",
                    "selector": "label"
                }
            ],
            "isNode": true
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "source": {
                "cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
            },
            "target": {
                "cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
            },
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "vertices": [
            ]
        },
        {
            "position": {
                "x": 80,
                "y": -170
            },
            "size": {
                "width": 36,
                "height": 36
            },
            "attrs": {
                "body": {
                    "fill": "white",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 2
                },
                "path": {
                    "r": 12,
                    "refX": "50%",
                    "refY": "50%",
                    "fill": "#63ba4d",
                    "strokeOpacity": 0.95,
                    "stroke": "#63ba4d",
                    "strokeWidth": 4
                },
                "label": {
                    "text": "end",
                    "fontSize": 12,
                    "refX": 0.5,
                    "refY": "100%",
                    "refY2": 4,
                    "textAnchor": "middle",
                    "textVerticalAnchor": "top"
                }
            },
            "visible": true,
            "shape": "circle",
            "id": "317dd1be-2d20-460e-977e-1fc936ffb583",
            "zIndex": 1,
            "data": {
                "nodeType": "endEvent",
                "appType": "basic",
                "nodeName": "end",
                "icon": "icon-radio-off-full",
                "description": "end"
            },
            "markup": [
                {
                    "tagName": "circle",
                    "selector": "body"
                },
                {
                    "tagName": "circle",
                    "selector": "path"
                },
                {
                    "tagName": "text",
                    "selector": "label"
                }
            ],
            "isNode": true
        },
        {
            "position": {
                "x": -380,
                "y": -185
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "filter"
                }
            },
            "shape": "activity",
            "id": "41ac8fbf-0390-4b1c-9d44-b91150a607a3",
            "data": {
                "componentName": "filter",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://img.alicdn.com/imgextra/i3/O1CN01zYP1Bk1msd4DgMiBa_!!6000000005010-55-tps-22-22.svg",
                "ownType": "sys",
                "zIndex": 1,
                "customInput": false,
                "operateType": "general",
                "name": "filter",
                "nodeName": "filter",
                "actionName": "filter",
                "actionDisplayName": "filter",
                "cascaderValue": [
                    {
                        "label": "DataFormat",
                        "value": "${DataFormat}",
                        "children": [
                            {
                                "label": "DataFormat.total_data_with_dup",
                                "name": "DataFormat.total_data_with_dup",
                                "value": "${DataFormat.total_data_with_dup}"
                            },
                            {
                                "label": "DataFormat.datalist.*.name",
                                "name": "DataFormat.datalist.*.name",
                                "value": "${DataFormat.datalist.*.name}"
                            },
                            {
                                "label": "DataFormat.total_exe_successful",
                                "name": "DataFormat.total_exe_successful",
                                "value": "${DataFormat.total_exe_successful}"
                            },
                            {
                                "label": "DataFormat.total_data",
                                "name": "DataFormat.total_data",
                                "value": "${DataFormat.total_data}"
                            },
                            {
                                "label": "DataFormat.total_exe",
                                "name": "DataFormat.total_exe",
                                "value": "${DataFormat.total_exe}"
                            },
                            {
                                "label": "DataFormat.status",
                                "name": "DataFormat.status",
                                "value": "${DataFormat.status}"
                            },
                            {
                                "label": "DataFormat.total_data_successful",
                                "name": "DataFormat.total_data_successful",
                                "value": "${DataFormat.total_data_successful}"
                            }
                        ]
                    }
                ],
                "valueData": {
                    "upstreamNode": "DataFormat",
                    "condition": "{\"condition\":\"AND\",\"rules\":[{\"field\":\"${DataFormat.datalist.*.name}\",\"value\":[\"test1\"],\"match\":\"is\",\"type\":\"string\",\"valueSource\":\"value\"}]}"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "3e5126c8-61ce-4582-9fcd-49e3fca844ea",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
            },
            "target": {
                "cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
            },
            "vertices": [
            ]
        },
        {
            "position": {
                "x": -165,
                "y": -185
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "DataFormat_2"
                }
            },
            "shape": "activity",
            "id": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd",
            "data": {
                "componentName": "DataFormat",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
                "ownType": "sys",
                "zIndex": 1,
                "tenantId": "baba",
                "customInput": false,
                "description": "产生一个新的数据",
                "id": 0,
                "name": "formatdata",
                "operateType": "general",
                "output": [
                ],
                "parameters": [
                    {
                        "dataType": "Complex",
                        "defaultValue": "",
                        "description": "要转换生成的数据",
                        "enDescription": "",
                        "name": "outputFields",
                        "needCascader": false,
                        "required": false,
                        "tags": ""
                    }
                ],
                "riskLevel": 2,
                "nodeName": "DataFormat_2",
                "actionName": "formatdata",
                "actionDisplayName": "formatdata",
                "cascaderValue": [
                    {
                        "label": "filter_1",
                        "value": "${filter_1}",
                        "children": [
                            {
                                "label": "filter_1.failedReason",
                                "name": "filter_1.failedReason",
                                "value": "${filter_1.failedReason}"
                            },
                            {
                                "label": "filter_1.total_exe_successful",
                                "name": "filter_1.total_exe_successful",
                                "value": "${filter_1.total_exe_successful}"
                            },
                            {
                                "label": "filter_1.status",
                                "name": "filter_1.status",
                                "value": "${filter_1.status}"
                            },
                            {
                                "label": "filter_1.filter_total_data_successful",
                                "name": "filter_1.filter_total_data_successful",
                                "value": "${filter_1.filter_total_data_successful}"
                            },
                            {
                                "label": "filter_1.total_data_successful",
                                "name": "filter_1.total_data_successful",
                                "value": "${filter_1.total_data_successful}"
                            },
                            {
                                "label": "filter_1.total_data_with_dup",
                                "name": "filter_1.total_data_with_dup",
                                "value": "${filter_1.total_data_with_dup}"
                            },
                            {
                                "label": "filter_1.filter_total_data",
                                "name": "filter_1.filter_total_data",
                                "value": "${filter_1.filter_total_data}"
                            },
                            {
                                "label": "filter_1.total_data",
                                "name": "filter_1.total_data",
                                "value": "${filter_1.total_data}"
                            },
                            {
                                "label": "filter_1.total_exe",
                                "name": "filter_1.total_exe",
                                "value": "${filter_1.total_exe}"
                            }
                        ]
                    },
                    {
                        "label": "DataFormat",
                        "value": "${DataFormat}",
                        "children": [
                        ]
                    }
                ],
                "valueData": {
                    "outputFields": "[{\"fieldName\":\"name\",\"fieldValue\":\"${filter.datalist.*.name}\"}]"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "b299b622-6607-4284-b05d-aa8339eee601",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
            },
            "target": {
                "cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
            },
            "vertices": [
            ]
        },
        {
            "position": {
                "x": -610,
                "y": -190
            },
            "size": {
                "width": 137,
                "height": 66
            },
            "view": "react-shape-view",
            "attrs": {
                "label": {
                    "text": "DataFormat"
                }
            },
            "shape": "activity",
            "id": "c1b02b5a-b343-48c9-8e17-984abf6965ed",
            "data": {
                "componentName": "DataFormat",
                "appType": "component",
                "nodeType": "action",
                "icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
                "ownType": "sys",
                "zIndex": 1,
                "tenantId": "baba",
                "customInput": false,
                "description": "把输入数据转换为JSON类型的。如果是JSONArray，则把所有的数组直接放到datalist中。如果是JSONObject，则作为datalist的一行数据",
                "id": 0,
                "name": "convertToJSON",
                "operateType": "general",
                "parameters": [
                    {
                        "dataType": "Text",
                        "defaultValue": "",
                        "description": "输入数据",
                        "name": "inputData",
                        "needCascader": false,
                        "required": false
                    }
                ],
                "riskLevel": 2,
                "nodeName": "DataFormat",
                "actionName": "convertToJSON",
                "actionDisplayName": "convertToJSON",
                "cascaderValue": [
                ],
                "valueData": {
                    "inputData": "[{\"name\":\"test\"},{\"name\":\"test1\"}]"
                },
                "status": "success"
            },
            "zIndex": 1
        },
        {
            "shape": "custom-edge",
            "attrs": {
                "line": {
                    "stroke": "#63ba4d",
                    "targetMarker": {
                        "stroke": "#63ba4d"
                    }
                }
            },
            "zIndex": 1,
            "id": "d87ef9c5-9ce1-4a0a-81c3-5bbb1fc22c6a",
            "data": {
                "nodeType": "sequenceFlow",
                "appType": "basic",
                "isRequired": true,
                "icon": "icon-upper-right-arrow"
            },
            "isNode": false,
            "visible": true,
            "router": {
                "name": "manhattan",
                "args": {
                    "padding": 5,
                    "excludeHiddenNodes": true,
                    "excludeNodes": [
                        "clone_node_id"
                    ]
                }
            },
            "source": {
                "cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
            },
            "target": {
                "cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
            },
            "vertices": [
            ]
        }
    ]
}

filter

将符合条件的数据，传入下个节点。

参数说明

参数	说明
选择节点	要过滤数据的节点。
条件	支持多组合条件，默认为一个条件组。

条件配置说明

SOAR提供了可视化页面来配置filter组件的条件规则，界面说明如下：

序号	说明
1-逻辑运算符	AND：所有的条件都要满足。 OR：满足条件之一即可。重要逻辑运算符只能决定同一组内部的不同规则的逻辑关系。
2-取反开关	对当前组的条件判断取反。
3-增加组内规则	增加组内一条规则，组内多条规则的逻辑关系由左上角1-逻辑运算符决定。
4-增加条件组	单击增加一组筛选条件。重要不同组之间的条件固定为AND的关系，不受1-逻辑运算符影响。
5-条件字段	支持输入表达式、常量，通常为前置节点的输出字段。
6-条件判断规则	支持字符串（String）、数字（Number）、观察列表（Dataset）的IN、=等操作。具体说明参考下文filter组件。
7-条件值	支持输入表达式、常量。

条件判断规则说明

规则名称	规则说明	备注
NOT IN IP Dataset	不在IP观察列表中。	观察列表需要在“云安全中心-Agentic SOC-接入中心-观察列表”中配置后才可以选择。
IN IP Dataset	在IP观察列表中。
NOT IN Dataset	不在观察列表中。
IN Dataset	在观察列表中。
String\| 等于	等于。	无
String\| 不等于	不等于。	无
String\| 包含	包含。	示例：abc 包含 bc。
String\| 不包含	不包含。	示例：abc 不包含 d。
String\| 以此开头	以此开头。	示例：abc 以 ab 开头。
String\| 以此结尾	以此结尾。	示例：abc 以 bc结尾。
String\| 不以此结尾	不以此结尾。	示例：abc 不以 ab结尾。
String\| 正则匹配	正则匹配。	示例：abcabc 匹配 (abc)+。
String\| 非正则匹配	非正则匹配。	示例：abab 不匹配 (abc)+。
String\| 为空	是空字符串。	空字符串、null、NULL都认为是空字符串。
String\| 不为空	不是空字符串。	无
Number\| 等于	等于。	无
Number\| 不等于	不等于。	无
Number\| 大于	大于。	无
Number\| 大于等于	大于等于。	无
Number\| 小于	小于。	无
Number\| 小于等于	小于等于。	无
Number\| 范围	数字条件值是否字在配置范围内。格式为“数值,数值”。	示例：1处于 -1,5的范围。

条件配置示例

外层使用 AND 逻辑组，添加两条规则：字段路径为 ${node.datalist.*.age}，类型 Number，运算符分别为大于（>）和小于（<）；内嵌一个 OR 逻辑子组，添加两条规则：字段路径为 ${node.datalist.*.name}，类型 String，运算符均为等于（is）。

以上图为例，当node节点中name为john或alice且age在 12 到 20 之间（含边界值）将判定为符合条件。