Palo Alto Networks · JSON Structure

Cortex XDR API Filter Structure

A filter criterion for querying XDR resources.

Type: object Properties: 3 Required: 3
Cloud Security, Cybersecurity, Firewall, Network Security, SASE, SOAR, Threat Intelligence, XDR

Filter is a JSON Structure definition published by Palo Alto Networks, describing 3 properties, of which 3 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

field, operator, value

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/cortex-xdr-api-filter-structure.json",
  "name": "Filter",
  "description": "A filter criterion for querying XDR resources.",
  "type": "object",
  "properties": {
    "field": {
      "type": "string",
      "description": "Field name to filter on (e.g., incident_id, status, severity)."
    },
    "operator": {
      "type": "string",
      "description": "Comparison operator.",
      "enum": [
        "in",
        "contains",
        "gte",
        "lte",
        "eq",
        "neq"
      ]
    },
    "value": {
      "description": "Filter value. Use an array for the \"in\" operator, a string or integer for others.",
      "oneOf": [
        {
          "type": "string"
        },
        {
          "type": "int32"
        },
        {
          "type": "array",
          "items": {
            "oneOf": [
              {
                "type": "string"
              },
              {
                "type": "int32"
              }
            ]
          }
        }
      ]
    }
  },
  "required": [
    "field",
    "operator",
    "value"
  ]
}