topic Filter Output By Category in General Topics https://live.paloaltonetworks.com/t5/general-topics/filter-output-by-category/m-p/379227#M95531 <P>Hello everyone,<BR />I'm working with the Proofpoint EThreat,<BR />I'm trying to filter the output feed based on ET category.<BR /><BR />to archieve this, i'm editing the Output Node stlib with this condition:</P><P><FONT size="2" color="#808080">- actions:</FONT><BR /><FONT size="2" color="#808080">- accept</FONT><BR /><FONT size="2" color="#808080">conditions:</FONT><BR /><FONT size="2" color="#808080">- confidence &gt; 75</FONT><BR /><FONT size="2" color="#808080">- share_level == 'red'</FONT><BR /><FONT size="2" color="#808080">- proofpoint_etintelligence_categories == 'VPN'</FONT><BR /><FONT size="2" color="#808080">name: category CnC</FONT></P><P>&nbsp;</P><P>But it doesn't work, probably because proofpoint_etintelligence_categories it's an Array</P><P>&nbsp;</P><P><FONT size="2" color="#808080">"proofpoint_etintelligence_categories": [</FONT><BR /><FONT size="2" color="#808080">"Drop",</FONT><BR /><FONT size="2" color="#808080">"VPN"</FONT><BR /><FONT size="2" color="#808080">],</FONT></P><P>&nbsp;</P><P><FONT size="4" color="#000000"><FONT size="3">How can I filter with a condition</FONT> (<FONT size="2" color="#808080">proofpoint_etintelligence_categories CONTAIN "category_name"</FONT>)</FONT></P><P>&nbsp;</P><P><FONT size="4" color="#000000">Thanks</FONT></P> Tue, 12 Jan 2021 09:48:14 GMT bereon 2021-01-12T09:48:14Z Filter Output By Category https://live.paloaltonetworks.com/t5/general-topics/filter-output-by-category/m-p/379227#M95531 <P>Hello everyone,<BR />I'm working with the Proofpoint EThreat,<BR />I'm trying to filter the output feed based on ET category.<BR /><BR />to archieve this, i'm editing the Output Node stlib with this condition:</P><P><FONT size="2" color="#808080">- actions:</FONT><BR /><FONT size="2" color="#808080">- accept</FONT><BR /><FONT size="2" color="#808080">conditions:</FONT><BR /><FONT size="2" color="#808080">- confidence &gt; 75</FONT><BR /><FONT size="2" color="#808080">- share_level == 'red'</FONT><BR /><FONT size="2" color="#808080">- proofpoint_etintelligence_categories == 'VPN'</FONT><BR /><FONT size="2" color="#808080">name: category CnC</FONT></P><P>&nbsp;</P><P>But it doesn't work, probably because proofpoint_etintelligence_categories it's an Array</P><P>&nbsp;</P><P><FONT size="2" color="#808080">"proofpoint_etintelligence_categories": [</FONT><BR /><FONT size="2" color="#808080">"Drop",</FONT><BR /><FONT size="2" color="#808080">"VPN"</FONT><BR /><FONT size="2" color="#808080">],</FONT></P><P>&nbsp;</P><P><FONT size="4" color="#000000"><FONT size="3">How can I filter with a condition</FONT> (<FONT size="2" color="#808080">proofpoint_etintelligence_categories CONTAIN "category_name"</FONT>)</FONT></P><P>&nbsp;</P><P><FONT size="4" color="#000000">Thanks</FONT></P> Tue, 12 Jan 2021 09:48:14 GMT https://live.paloaltonetworks.com/t5/general-topics/filter-output-by-category/m-p/379227#M95531 bereon 2021-01-12T09:48:14Z Re: Filter Output By Category https://live.paloaltonetworks.com/t5/general-topics/filter-output-by-category/m-p/379271#M95532 <P>Found the solution:</P><DIV>contains(proofpoint_etintelligence_categories, 'category') == true</DIV> Tue, 12 Jan 2021 13:12:53 GMT https://live.paloaltonetworks.com/t5/general-topics/filter-output-by-category/m-p/379271#M95532 bereon 2021-01-12T13:12:53Z