filter組件主要提供資料過濾功能。
功能描述
動作 | 描述 | 使用情境 |
filter | 對某個節點的資料進行過濾。 | 對某個節點的資料進行過濾,篩選出符合規則的資料。 |
組件配置樣本
本文提供了filter組件各動作的參數配置樣本,您可將其作為測試劇本匯入。通過可視化流程編輯器,能更直觀地瞭解和測試各動作的配置參數,輕鬆掌握組件的功能邏輯與使用方式。操作步驟可參考劇本匯入。
說明
請先將樣本資料儲存為JSON檔案,再匯入編輯器中。
樣本資料
{
"cells": [
{
"position": {
"x": -770,
"y": -170
},
"size": {
"width": 36,
"height": 36
},
"attrs": {
"body": {
"fill": "white",
"strokeOpacity": 0.95,
"stroke": "#63ba4d",
"strokeWidth": 2
},
"label": {
"text": "start",
"fontSize": 12,
"refX": 0.5,
"refY": "100%",
"refY2": 4,
"textAnchor": "middle",
"textVerticalAnchor": "top"
},
"path": {
"stroke": "#63ba4d"
}
},
"visible": true,
"shape": "circle",
"id": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4",
"zIndex": 1,
"data": {
"nodeType": "startEvent",
"appType": "basic",
"nodeName": "start",
"icon": "icon-circle",
"description": "劇本開始節點,一個劇本必須有且僅有一個開始節點,需為劇本配置輸入資料。"
},
"markup": [
{
"tagName": "circle",
"selector": "body"
},
{
"tagName": "text",
"selector": "label"
}
],
"isNode": true
},
{
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "5293c3f9-e1c9-4a49-b0eb-635067dc67e8",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic",
"isRequired": true,
"icon": "icon-upper-right-arrow"
},
"isNode": false,
"source": {
"cell": "58d87b7d-28d9-4f0e-b135-4adc4f1a70e4"
},
"target": {
"cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
},
"visible": true,
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": [
"clone_node_id"
]
}
},
"vertices": [
]
},
{
"position": {
"x": 80,
"y": -170
},
"size": {
"width": 36,
"height": 36
},
"attrs": {
"body": {
"fill": "white",
"strokeOpacity": 0.95,
"stroke": "#63ba4d",
"strokeWidth": 2
},
"path": {
"r": 12,
"refX": "50%",
"refY": "50%",
"fill": "#63ba4d",
"strokeOpacity": 0.95,
"stroke": "#63ba4d",
"strokeWidth": 4
},
"label": {
"text": "end",
"fontSize": 12,
"refX": 0.5,
"refY": "100%",
"refY2": 4,
"textAnchor": "middle",
"textVerticalAnchor": "top"
}
},
"visible": true,
"shape": "circle",
"id": "317dd1be-2d20-460e-977e-1fc936ffb583",
"zIndex": 1,
"data": {
"nodeType": "endEvent",
"appType": "basic",
"nodeName": "end",
"icon": "icon-radio-off-full",
"description": "end"
},
"markup": [
{
"tagName": "circle",
"selector": "body"
},
{
"tagName": "circle",
"selector": "path"
},
{
"tagName": "text",
"selector": "label"
}
],
"isNode": true
},
{
"position": {
"x": -380,
"y": -185
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "filter"
}
},
"shape": "activity",
"id": "41ac8fbf-0390-4b1c-9d44-b91150a607a3",
"data": {
"componentName": "filter",
"appType": "component",
"nodeType": "action",
"icon": "https://img.alicdn.com/imgextra/i3/O1CN01zYP1Bk1msd4DgMiBa_!!6000000005010-55-tps-22-22.svg",
"ownType": "sys",
"zIndex": 1,
"customInput": false,
"operateType": "general",
"name": "filter",
"nodeName": "filter",
"actionName": "filter",
"actionDisplayName": "filter",
"cascaderValue": [
{
"label": "DataFormat",
"value": "${DataFormat}",
"children": [
{
"label": "DataFormat.total_data_with_dup",
"name": "DataFormat.total_data_with_dup",
"value": "${DataFormat.total_data_with_dup}"
},
{
"label": "DataFormat.datalist.*.name",
"name": "DataFormat.datalist.*.name",
"value": "${DataFormat.datalist.*.name}"
},
{
"label": "DataFormat.total_exe_successful",
"name": "DataFormat.total_exe_successful",
"value": "${DataFormat.total_exe_successful}"
},
{
"label": "DataFormat.total_data",
"name": "DataFormat.total_data",
"value": "${DataFormat.total_data}"
},
{
"label": "DataFormat.total_exe",
"name": "DataFormat.total_exe",
"value": "${DataFormat.total_exe}"
},
{
"label": "DataFormat.status",
"name": "DataFormat.status",
"value": "${DataFormat.status}"
},
{
"label": "DataFormat.total_data_successful",
"name": "DataFormat.total_data_successful",
"value": "${DataFormat.total_data_successful}"
}
]
}
],
"valueData": {
"upstreamNode": "DataFormat",
"condition": "{\"condition\":\"AND\",\"rules\":[{\"field\":\"${DataFormat.datalist.*.name}\",\"value\":[\"test1\"],\"match\":\"is\",\"type\":\"string\",\"valueSource\":\"value\"}]}"
},
"status": "success"
},
"zIndex": 1
},
{
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "3e5126c8-61ce-4582-9fcd-49e3fca844ea",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic",
"isRequired": true,
"icon": "icon-upper-right-arrow"
},
"isNode": false,
"visible": true,
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": [
"clone_node_id"
]
}
},
"source": {
"cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
},
"target": {
"cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
},
"vertices": [
]
},
{
"position": {
"x": -165,
"y": -185
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "DataFormat_2"
}
},
"shape": "activity",
"id": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd",
"data": {
"componentName": "DataFormat",
"appType": "component",
"nodeType": "action",
"icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
"ownType": "sys",
"zIndex": 1,
"tenantId": "baba",
"customInput": false,
"description": "產生一個新的資料",
"id": 0,
"name": "formatdata",
"operateType": "general",
"output": [
],
"parameters": [
{
"dataType": "Complex",
"defaultValue": "",
"description": "要轉換產生的資料",
"enDescription": "",
"name": "outputFields",
"needCascader": false,
"required": false,
"tags": ""
}
],
"riskLevel": 2,
"nodeName": "DataFormat_2",
"actionName": "formatdata",
"actionDisplayName": "formatdata",
"cascaderValue": [
{
"label": "filter_1",
"value": "${filter_1}",
"children": [
{
"label": "filter_1.failedReason",
"name": "filter_1.failedReason",
"value": "${filter_1.failedReason}"
},
{
"label": "filter_1.total_exe_successful",
"name": "filter_1.total_exe_successful",
"value": "${filter_1.total_exe_successful}"
},
{
"label": "filter_1.status",
"name": "filter_1.status",
"value": "${filter_1.status}"
},
{
"label": "filter_1.filter_total_data_successful",
"name": "filter_1.filter_total_data_successful",
"value": "${filter_1.filter_total_data_successful}"
},
{
"label": "filter_1.total_data_successful",
"name": "filter_1.total_data_successful",
"value": "${filter_1.total_data_successful}"
},
{
"label": "filter_1.total_data_with_dup",
"name": "filter_1.total_data_with_dup",
"value": "${filter_1.total_data_with_dup}"
},
{
"label": "filter_1.filter_total_data",
"name": "filter_1.filter_total_data",
"value": "${filter_1.filter_total_data}"
},
{
"label": "filter_1.total_data",
"name": "filter_1.total_data",
"value": "${filter_1.total_data}"
},
{
"label": "filter_1.total_exe",
"name": "filter_1.total_exe",
"value": "${filter_1.total_exe}"
}
]
},
{
"label": "DataFormat",
"value": "${DataFormat}",
"children": [
]
}
],
"valueData": {
"outputFields": "[{\"fieldName\":\"name\",\"fieldValue\":\"${filter.datalist.*.name}\"}]"
},
"status": "success"
},
"zIndex": 1
},
{
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "b299b622-6607-4284-b05d-aa8339eee601",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic",
"isRequired": true,
"icon": "icon-upper-right-arrow"
},
"isNode": false,
"visible": true,
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": [
"clone_node_id"
]
}
},
"source": {
"cell": "437f1a16-609f-40d9-9ac8-5d9bd8aeafcd"
},
"target": {
"cell": "317dd1be-2d20-460e-977e-1fc936ffb583"
},
"vertices": [
]
},
{
"position": {
"x": -610,
"y": -190
},
"size": {
"width": 137,
"height": 66
},
"view": "react-shape-view",
"attrs": {
"label": {
"text": "DataFormat"
}
},
"shape": "activity",
"id": "c1b02b5a-b343-48c9-8e17-984abf6965ed",
"data": {
"componentName": "DataFormat",
"appType": "component",
"nodeType": "action",
"icon": "https://sophon-gen-v2.oss-cn-zhangjiakou.aliyuncs.com/componentUpload/1719222281702_DataFormat_logo.png?Expires=1745654600&OSSAccessKeyId=STS. NXW5************&Signature=j5SXLh%2Fw5b4PhkhzWa%2FWgl%2BGWRQ%3D&security-token=CAIS2AJ1q6Ft5B2yfSjIr5vifvv6269M2bWOYV%2FojmsWNLhPgrXsiTz2IHhMenFpAegcv%2Fw%2BlGFZ6%2F8elrp6SJtIXleCZtF94oxN9h2gb4fb40Y6HzyK0s%2FLI3OaLjKm9u2wCryLYbGwU%2FOpbE%2B%2B5U0X6LDmdDKkckW4OJmS8%2FBOZcgWWQ%2FKBlgvRq0hRG1YpdQdKGHaONu0LxfumRCwNkdzvRdmgm4NgsbWgO%2Fks0OP3AOrlrBN%2Bdiuf8T9NvMBZskvD42Hu8VtbbfE3SJq7BxHybx7lqQs%2B02c5onDWwAJu0%2FXa7uEo4wydVNjFbM9A65Dqufxn%2Fpgt%2Braj4X7xhhEIOVJSSPbSZBbSxJNvU1RXDxQVcEYWxylurjnXvF%2Bo58zxrcUGin%2B2svzhw6RGJ1dq8DgINtD0jokjPndRVbLXs84nxS7gbsGn76oY2zradH%2FdU4J6tvBMytAXxqAAYb6jxZjLe7TMmktKoKJDPNYGnTAeViZJKpduCT2k7DBuEUN%2B%2B8fsvmMKsLLycLOYmqBqU%2FB4%2Fdy5Muz%2B6WDAQFoEDgzB17wouEZsoQG5EoCHljEH6DBajdzaAaISFedQrIaeBqEJIrLqLMKQlSqas3HEp8VqOaseKoWLb5PDxTGIAA%3D",
"ownType": "sys",
"zIndex": 1,
"tenantId": "baba",
"customInput": false,
"description": "把輸入資料轉換為JSON類型的。如果是JSONArray,則把所有的數組直接放到datalist中。如果是JSONObject,則作為datalist的一行資料",
"id": 0,
"name": "convertToJSON",
"operateType": "general",
"parameters": [
{
"dataType": "Text",
"defaultValue": "",
"description": "輸入資料",
"name": "inputData",
"needCascader": false,
"required": false
}
],
"riskLevel": 2,
"nodeName": "DataFormat",
"actionName": "convertToJSON",
"actionDisplayName": "convertToJSON",
"cascaderValue": [
],
"valueData": {
"inputData": "[{\"name\":\"test\"},{\"name\":\"test1\"}]"
},
"status": "success"
},
"zIndex": 1
},
{
"shape": "custom-edge",
"attrs": {
"line": {
"stroke": "#63ba4d",
"targetMarker": {
"stroke": "#63ba4d"
}
}
},
"zIndex": 1,
"id": "d87ef9c5-9ce1-4a0a-81c3-5bbb1fc22c6a",
"data": {
"nodeType": "sequenceFlow",
"appType": "basic",
"isRequired": true,
"icon": "icon-upper-right-arrow"
},
"isNode": false,
"visible": true,
"router": {
"name": "manhattan",
"args": {
"padding": 5,
"excludeHiddenNodes": true,
"excludeNodes": [
"clone_node_id"
]
}
},
"source": {
"cell": "c1b02b5a-b343-48c9-8e17-984abf6965ed"
},
"target": {
"cell": "41ac8fbf-0390-4b1c-9d44-b91150a607a3"
},
"vertices": [
]
}
]
}filter
將合格資料,傳入下個節點。
參數說明
參數 | 說明 |
選擇節點 | 要過濾資料的節點。 |
條件 | 支援多組合條件,預設為一個條件組。 |
條件配置說明
SOAR提供了可視化頁面來配置filter組件的條件規則,介面說明如下:
序號 | 說明 |
1-邏輯運算子 | AND:所有的條件都要滿足。 OR:滿足條件之一即可。 重要 邏輯運算子只能決定同一組內部的不同規則的邏輯關係。 |
2-取反開關 | 對當前組的條件判斷取反。 |
3-增加組內規則 | 增加組內一條規則,組內多條規則的邏輯關係由左上方1-邏輯運算子決定。 |
4-增加條件組 | 單擊增加一組篩選條件。 重要 不同組之間的條件固定為AND的關係,不受1-邏輯運算子影響。 |
5-條件欄位 | 支援輸入運算式、常量,通常為前置節點的輸出欄位。 |
6-條件判斷規則 | 支援字串(String)、數字(Number)、觀察列表(Dataset)的IN、=等操作。具體說明參考下文filter組件。 |
7-條件值 | 支援輸入運算式、常量。 |
條件配置樣本
以上圖為例,當node節點中name為john或alice且age在 12 到 20 之間(含邊界值)將判定為符合條件。
條件判斷規則說明
規則名稱 | 規則說明 | 備忘 |
NOT IN IP Dataset | 不在IP觀察列表中。 | 觀察列表需要在“Security Center-威脅分析與響應-接入中心-觀察列表”中配置後才可以選擇。 |
IN IP Dataset | 在IP觀察列表中。 | |
NOT IN Dataset | 不在觀察列表中。 | |
IN Dataset | 在觀察列表中。 | |
String| 等於 | 等於。 | 無 |
String| 不等於 | 不等於。 | 無 |
String| 包含 | 包含。 | 樣本:abc 包含 bc。 |
String| 不包含 | 不包含。 | 樣本:abc 不包含 d。 |
String| 以此開頭 | 以此開頭。 | 樣本:abc 以 ab 開頭。 |
String| 以此結尾 | 以此結尾。 | 樣本:abc 以 bc結尾。 |
String| 不以此結尾 | 不以此結尾。 | 樣本:abc 不以 ab結尾。 |
String| 正則匹配 | 正則匹配。 | 樣本:abcabc 匹配 (abc)+。 |
String| 非正則匹配 | 非正則匹配。 | 樣本:abab 不匹配 (abc)+。 |
String| 為空白 | 是Null 字元串。 | Null 字元串、null、NULL都認為是Null 字元串。 |
String| 不為空白 | 不是Null 字元串。 | 無 |
Number| 等於 | 等於。 | 無 |
Number| 不等於 | 不等於。 | 無 |
Number| 大於 | 大於。 | 無 |
Number| 大於等於 | 大於等於。 | 無 |
Number| 小於 | 小於。 | 無 |
Number| 小於等於 | 小於等於。 | 無 |
Number| 範圍 | 數字條件值是否字在配置範圍內。格式為“數值,數值”。 | 樣本:1處於 -1,5的範圍。 |