FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
As of now, there is no way to filter
based on two dates given as an input (Ex: alerts between 1/1/2019
00:00:00 to 10/1/2019 00:12:00),
However, there is a workaround that can help us to solve this issue:
Steps:
Create a new INTEGER field called Time Stamp.
Add post create step tp update this field by the current timestamp ( {{arrow.utcnow().timestamp}} ). Note: to change it to specific timezone we need to add .to(timezone) (Ex: {{arrow.utcnow().to('Asia/Dubai').timestamp}} )
use integer filtering feature (greater than/less than) to filter between two timestamps.
