
Conditional

Most recent version: v1.0.0


Last updated 1 month ago


See the changelog of this Action type here.

Overview

The Conditional action evaluates a list of conditions for an event. If an event meets a given condition, it will be sent through an output port specific to that condition. The event will be sent through the default output if it does not meet any conditions.

Set any number of conditions on your data for filtering and alerting.

AI Action Assistant

Ports

These are the input and output ports of this Action:

Input ports
  • Default port - All the events to be processed by this Action enter through this port.

Output ports
  • Default port - Events are sent through this port if no error occurs while processing them.

  • Error port - Events are sent through this port if an error occurs while processing them.

  • Condition port - Each condition you add will have its own port. There is currently a limit of 8 conditions per Action; however, if you link another Conditional to the Default port, you can continue creating more conditions on the events that reach it.

Configuration

1
2

To open the configuration, click the Action in the canvas and select Configuration.

3

Enter the required parameters:

Parameter
Description

View mode

Select your conditions using the buttons available, or write them in Code mode.

Field*

The Field option lets you choose not only the field to filter for, but the specific Action to take it from.

Conditions

Choose between the following conditions for the filter (or use the arrow keys on your keyboard to navigate up and down the list). The options you see here will differ depending on the data type of the field you have selected.

  • Number

    • (<) Less than

    • (≤) Less than or equal to

    • (>) Greater than

    • (≥) Greater than or equal to

    • (=) Equal to

    • (!=) Not equal to

  • String

    • Contains

    • Doesn't contain

    • Equal

    • Not equal

  • Boolean

    • Equal

    • Not equal

    • Contains

    • Does not contain

    • Equal to

    • Not equal to

  • All types

    • Is null

    • Is not null

Enter the value to filter by (remember to press Enter if you're typing one) and you have your condition.

Field

Choose the field to carry out the condition on.

AND/OR

Now you can add AND/OR clauses to your condition, or add a new condition entirely using the Add Condition option. Add string (contains, does not contain, equals, not equal) or integer (greater, less, equal, not equal) clauses using OR and AND.

4

Click Save to complete.

Example

Let's say you have data on error and threat detection methods in storage devices and you wish to detect threats and errors using the Cyclic Redundancy Check methods crc8, crc16 and crc24.

1

Conditional

Add a Conditional to the canvas and link it to the Listener or Action providing your data.

2

Condition 1

  • Field: crc

  • Condition: equals

  • Field: crc8

Any events meeting this condition will exit via this port. Each condition has its own port.

3

Condition 2

  • Field: crc

  • Condition: equals

  • Field: crc16

4

Condition 3

  • Field: crc

  • Condition: equals

  • Field: crc24

5

Output

Now you have a Conditional action with three output ports, crc8, crc16 and crc24, as well as the default and error ports.

6

Conditional 2

Add another conditional to the canvas and enter the following:

  • Field: msg

  • Condition: contains

  • Field: threat

Now when the message contains "threat", an event will be generated and sent via the threat port.
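The routing in this example can be modelled offline to check which port each event would leave through before the pipeline is built. The following is an added example, not Onum code: the operator names, the tuple layout, the rule that an event leaves through every condition port it matches, and the link from the first Conditional's Default port to the second Conditional are all assumptions, and the events are constructed.

```python
# Added model of the Conditional action's routing; not Onum code.
# Assumptions: operator names, tuple layout, and that an event leaves through
# every condition port it matches.
MAX_CONDITIONS = 8  # per-Action limit stated under "Output ports"

OPS = {
    "equals": lambda field, value: field == value,
    "contains": lambda field, value: isinstance(field, str) and value in field,
}

class Conditional:
    def __init__(self, conditions):
        # conditions: list of (port, field, operator, value) tuples
        if len(conditions) > MAX_CONDITIONS:
            raise ValueError("limit is 8 conditions; chain another Conditional")
        self.conditions = conditions

    def route(self, event):
        """Return the output ports this event leaves through."""
        try:
            hits = [port for port, field, op, value in self.conditions
                    if OPS[op](event.get(field), value)]
        except (AttributeError, KeyError):
            return ["error"]         # event could not be processed
        return hits or ["default"]   # no condition met

# The two Conditionals from the Example section.
crc_check = Conditional([
    ("crc8", "crc", "equals", "crc8"),
    ("crc16", "crc", "equals", "crc16"),
    ("crc24", "crc", "equals", "crc24"),
])
threat_check = Conditional([("threat", "msg", "contains", "threat")])

def pipeline(event):
    # Assumption: the second Conditional is linked to the first one's Default port.
    ports = crc_check.route(event)
    return threat_check.route(event) if ports == ["default"] else ports

EVENTS = [  # constructed sample events
    {"crc": "crc16", "msg": "checksum mismatch on sda"},
    {"crc": "crc32", "msg": "threat detected in firmware image"},
    {"crc": "crc32", "msg": "ok"},
    {"msg": None},        # missing/null fields: no condition met
    "not-an-event",       # malformed input
]

def run():
    return [pipeline(e) for e in EVENTS]
```

Events that reach `default` at the end of the chain matched none of the four conditions, so that port is the one to watch for data the filter was never written to handle.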

In order to configure this action, you must first link it to a Listener or other Action. Go to Building a Pipeline to learn how to link.

This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in this article.

Find Conditional in the Actions tab (under the Filtering group) and drag it onto the canvas. Link it to the required Listener and Data sink.