Conditions
  • 16 Nov 2023

Conditions are used to compare two or more values. Conditions can be used to trigger events and configure If tasks or Loops. For example, triggering an action when data matches specific conditions is a common use case with workflows. 

You can apply optional conditions to limit which events will trigger a workflow. For example, if your workflow starts when an IMAP trigger event is received, you can add a condition that the attachments key must contain an image/png in order for the workflow to begin. Conditions support AND / OR operators.


For example, you can check if a specific command was found in a sent Slack message. Here, the If condition checks whether the message contains the exact text "disable_function". It is joined by the OR operator, so if the first condition is not met, a second condition can also satisfy the workflow.

The second condition uses the AND operator, meaning that both of its parts must be met to fulfill the requirements. The example message must include the exact string "enable_function", and the extract_text_from_message.results element must have a value.


Equals

The workflow or step is executed when the value of the specific event element equals the specified value. This condition is case-insensitive. In the following example, only emails that contain a PNG file attachment will trigger the workflow.


Not Equals

The workflow or step is executed when the value of the trigger event element does not equal the specified value. This condition is case-insensitive. In the following example, Wiz issues whose severity is not LOW or MEDIUM will trigger the workflow.


Is In

The workflow proceeds on the TRUE path when the first specified value is found in the second specified value. Otherwise, the workflow will proceed on the FALSE path. In this example, the condition is checking if “atm” is found in “batman”. This condition would evaluate as TRUE.


Is Not In

The workflow proceeds on the TRUE path when the first specified value is NOT found in the second specified value. Otherwise, the workflow will proceed on the FALSE path. In this example, the condition checks whether “bat” is found in “superman”. Because it is not, this condition would evaluate as TRUE.

Contains

The workflow or step is executed when the value of the specified string is contained inside the event elements. This condition is case-sensitive and must be an exact match. 

In the following example, the workflow is triggered when a Slack message contains either an enable or disable global address list (gal) command. 


Not Contains

The workflow or step is executed when the specified string is not contained inside the trigger event elements. This condition is case-sensitive and must be an exact match. 

In the following example, a workflow is triggered when an event occurs; however, we specify that it does not trigger if the event occurs on a certain computer in the organization.


Greater Than

The workflow or step is executed when the event element contains a numeric value that is greater than the specified value. 

In the following example, when sending potentially malicious data to VirusTotal, we will classify the entity as malicious if a certain number of engines find the item to be malicious. 


Greater Equal 

The workflow or step is executed when the event element contains a numeric value that is greater than or equal to the specified value. 

In the following example, the If operator checks if there is at least one email address found in the JSON. 


Less Than

The workflow or step is executed when the event element contains a numeric value that is lower than the given value. 

In the following example, when sending a potentially harmful file for a scan, you might consider a file benign only if no suspicious attributes were detected. 

Less Equal

The workflow or step is executed when the event element contains a numeric value that is lower than or equal to the specified value. 

In the following example, when sending a potentially harmful file for a scan, you might consider a file benign only if no more than 2 suspicious attributes were detected. 


Is Empty

The workflow or step is executed when the specified event has a null value, or an empty array, object, or string. 

In the following example, the If operator is part of a workflow to analyze a submitted JSON of IP addresses or URLs. Before proceeding with the workflow, we want to check if there is any content to analyze. 

Is Not Empty

The workflow or step is executed when the specified event does not have a null value, or if the array, object, or string contains any value. 

In the following example, the If operator continues only if the endpoint alert contains results.


Regex Match

The workflow or step is executed when the specified event element matches an RE2 regular expression.
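
The operator semantics described above (Regex Match excluded), modeled as a small evaluator. This is an added example, not the product's own code: the function names, the OR-of-AND-groups layout and the sample inputs are assumptions made for illustration. It shows why Equals matches regardless of case while Contains does not, which matters when a condition gates a response action.

```python
# Added illustration: a minimal model of the operator semantics described on
# this page. Not the product's implementation; names and the OR-of-AND-groups
# layout are assumptions made for this sketch.

def is_empty(value):
    # Is Empty: a null value, or an empty array, object, or string.
    return value is None or (isinstance(value, (list, dict, str)) and len(value) == 0)

# Each operator takes (left, right): left is the event element (or first
# value), right is the specified value (or second value).
OPERATORS = {
    "equals":        lambda a, b: str(a).lower() == str(b).lower(),  # case-insensitive
    "not_equals":    lambda a, b: str(a).lower() != str(b).lower(),  # case-insensitive
    "is_in":         lambda a, b: a in b,        # first value found in second
    "is_not_in":     lambda a, b: a not in b,
    "contains":      lambda a, b: b in a,        # case-sensitive, exact match
    "not_contains":  lambda a, b: b not in a,    # case-sensitive, exact match
    "greater_than":  lambda a, b: float(a) > float(b),
    "greater_equal": lambda a, b: float(a) >= float(b),
    "less_than":     lambda a, b: float(a) < float(b),
    "less_equal":    lambda a, b: float(a) <= float(b),
    "is_empty":      lambda a, b=None: is_empty(a),
    "is_not_empty":  lambda a, b=None: not is_empty(a),
}

def evaluate(groups):
    """Evaluate AND-groups joined by OR; each condition is (left, op, right)."""
    return any(
        all(OPERATORS[op](left, right) for left, op, right in group)
        for group in groups
    )

def slack_command_condition(message, extracted_results):
    # The Slack example from this page:
    #   contains "disable_function"
    #   OR (contains "enable_function" AND results is not empty)
    return evaluate([
        [(message, "contains", "disable_function")],
        [(message, "contains", "enable_function"),
         (extracted_results, "is_not_empty", None)],
    ])
```
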


