From ee64c5f8a8df761ad4aaf1c72ca69c194e42b3e4 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Sat, 20 Feb 2021 23:31:32 +0100 Subject: [PATCH] chg: [Administration] close #198 - document publish alert filter valid filters --- administration/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/administration/README.md b/administration/README.md index 7a178dc..c15f994 100644 --- a/administration/README.md +++ b/administration/README.md @@ -447,7 +447,15 @@ A new screen appears. Make sure the “Setting” drop down box shows “publish The text field “Value” contains the filter, which needs to be provided in JSON format. Important JSON-objects which can be used here go by the name AND”, “OR” and “NOT”. These should be structured in a logical tree. -The filtering can be applied to tags or to a publishing organization. +The filtering can be applied to tags, the publishing organization and the threat level. Valid filters: + +- AttributeTag.name +- EventTag.name +- Tag.name (checks against both event and attribute tags) +- Orgc.uuid (creator org uuid) +- Orgc.name (creator org name) +- ThreatLevel.name + In the following example, all notifications will be filtered which carry ‘tlp.white’ and ‘tlp.green’ in the name of the tag:
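Review bot: The new "Valid filters" list gives the filter keys as bare text (AttributeTag.name, EventTag.name, Orgc.uuid and so on), although they are literal keys that an administrator types into the JSON "Value" field. Put each key in inline code formatting so it reads as an exact identifier, and write "UUID" in the parenthetical descriptions. ThreatLevel.name is the only entry without a description and EventTag.name / AttributeTag.name have none either, while Tag.name and the Orgc entries do; a few words on what each is matched against would make the list consistent. The example that follows in the unchanged context still only covers tag names, so a second example using one of the newly documented keys would help. The unchanged context line above the change reads AND”, “OR” and “NOT” with the opening quote before AND missing, which could be fixed in the same commit since that paragraph is being touched.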