Signal-Filter-Fields.Yaml #163

Merged
merged 1 commit into from
May 28, 2024
mvirga-sumo
Collaborator

The purpose of this custom action is to deconstruct a CSE Insight based on an assigned filter in order to retrieve specific field elements from the Signal Array that match the criteria. Currently there is no way (outside of a custom action) to prevent a playbook from executing against multiple matches and instead to only focus on the elements that match the condition.

Ex Use Case:

Insight A contained 3 different signals with 3 different device_ip addresses. This action will allow you to target explicitly the signal that matches your filter and only return the device_ip that matches your condition.

Purpose of this pull request

This pull request is ...

Reminders:

  • Please verify that all sensitive data has been removed or redacted BEFORE submitting content.
  • All application, dashboard, and search content should be in JSON format (exported from Sumo Logic).
  • Please include a screenshot of the content/dashboards you are submitting with PII data removed.
  • Please provide steps on how to collect data for specific content.

Select the type of change:

What types of changes does your code introduce? Select the checkbox after creating the PR.
Put an x in the boxes that apply

  • Minor Changes - Typos, formatting, slight revisions
  • Update Content - Revisions and updating sections
  • New Content - New features, sections, pages, tutorials

Next Steps:

Related Jira or Other Ticket:

Jira Ticket

@wjakelee wjakelee merged commit ec9d228 into master May 28, 2024
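
The use case described in this pull request (one Insight, several signals with different device_ip values, return only the fields of the signal that matches the filter), as an added Python sketch that is not the code merged here. The Insight layout, the `filter_signal_fields` function and the operator names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample. The Insight layout (a "signals" list of flat dicts) is an
# assumption for illustration, not the CSE schema or the merged action's input.
SAMPLE_INSIGHT = {
    "id": "INSIGHT-EXAMPLE",
    "signals": [
        {"name": "Brute force attempt", "severity": 3, "device_ip": "10.0.0.5"},
        {"name": "Malware beacon", "severity": 7, "device_ip": "10.0.0.50"},
        {"name": "Port scan", "severity": 2, "device_ip": "192.168.1.20"},
        {"name": "Record without an IP", "severity": 1},
    ],
}


def _in_cidr(actual, expected):
    """True when `actual` parses as an IP address inside network `expected`."""
    try:
        network = ipaddress.ip_network(expected, strict=False)
        return ipaddress.ip_address(str(actual)) in network
    except ValueError:
        return False  # unparsable address or network: treat as no match


# Hypothetical operator names; values are compared as strings unless noted.
OPERATORS = {
    "equals": lambda actual, expected: str(actual) == str(expected),
    "contains": lambda actual, expected: str(expected) in str(actual),
    "in_cidr": _in_cidr,
}


def filter_signal_fields(insight, field, operator, value, return_fields):
    """Return the requested fields from each signal whose `field` matches."""
    if operator not in OPERATORS:
        raise ValueError(f"unsupported operator: {operator}")
    match = OPERATORS[operator]
    results = []
    for signal in insight.get("signals", []):
        if field not in signal:
            continue  # a signal lacking the field can never match
        if match(signal[field], value):
            results.append({name: signal.get(name) for name in return_fields})
    return results


if __name__ == "__main__":
    print(filter_signal_fields(SAMPLE_INSIGHT, "device_ip", "equals", "10.0.0.5", ["device_ip"]))
```

With `contains`, the filter value `10.0.0.5` also matches `10.0.0.50`, so `equals` or `in_cidr` is the safer choice when a playbook must act on exactly one device.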