Event Filter Operators
Learn more about the search operators Nightfall provides for filtering Events.
This document describes all the operators provided by Nightfall to perform search operations on the Events page. You can use these operators to search for specific Events.
Nightfall provides you with two types of operators which are described in the following sections.
General Operators
annotation_comment
This operator allows you to filter Events using the annotation comments.
annotation_type
confidence
This operator allows you to filter Events using the Confidence level, which can be Possible, Likely, or Very Likely.
detection_rule_id
This operator allows you to filter Events using the unique detection rule ID.
detector_id
This operator allows you to filter Events using the unique detector ID.
file_name
This operator allows you to filter Events using the name of the file that triggered the violation.
file_type
This operator allows you to filter Events using the type of file that triggered the violation.
integration_name
This operator allows you to filter Events using the integration name.
policy_id
This operator allows you to filter Events using the unique ID of the policy.
policy_name
This operator allows you to filter Events using the name of the policy.
post_context
pre_context
quote
This operator allows you to filter Events using the quote.
user_email
This operator allows you to filter Events using the email ID.
user_name
This operator allows you to filter Events using the name of the user who triggered the Event.
violation_id
This operator allows you to filter Events using the unique ID of the Event.
Integration Operators
Confluence Operators
Confluence.parent_page_name
This operator allows you to filter violations using the Confluence page's parent page name in which the Event was discovered.
Confluence.space_name
This operator allows you to filter Events using Confluence's space name in which the Event was discovered.
GitHub Operators
GitHub.author_email
This operator allows you to filter Events using the email ID of the GitHub user who triggered the Event.
GitHub.branch
This operator allows you to filter Events using the name of the GitHub branch in which the Event was triggered.
GitHub.commit
This operator allows you to filter Events using the GitHub commit ID in which the Event was discovered.
GitHub.org
This operator allows you to filter Events using the GitHub organization name in which the Event was discovered.
github.repository
This operator allows you to filter Events using the GitHub repository name in which the Event was discovered.
github.repository_owner
This operator allows you to filter Events using the name of the GitHub repository owner in which the Event was discovered.
JIRA Operators
jira.project_name
This operator allows you to filter Events using the name of the JIRA project in which the Event was discovered.
jira.ticket_number
This operator allows you to filter Events using the number of the JIRA ticket in which the Event was discovered.
Notion Operators
notion.created_by
This operator allows you to filter Events using the name of the user who created the Notion page in which the Event was discovered.
notion.last_edited_by
This operator allows you to filter Events using the name of the user who last edited the Notion page in which the Event was discovered.
Notion.page_title
This operator allows you to filter Events using the title of the page in which the Event was discovered.
notion.workspace_name
This operator allows you to filter Events using the name of the Notion workspace in which the Event was discovered.
Slack Operators
Slack.channel_id
This operator allows you to filter Events using the ID of the Slack channel in which the Event was discovered.
Slack.channel_name
This operator allows you to filter Events using the name of the Slack channel in which the Event was discovered.
slack.workspace
This operator allows you to filter Events using the name of the Slack workspace in which the Event was discovered.
MS Teams
teams.channel_name
This operator allows you to filter Events using the name of the channel in which the Event was discovered.
teams.channel_type
This operator allows you to filter Events using the channel type name in which the Event was discovered.
teams.msg_attachment
teams.msg_importance
teams.sender
This operator allows you to filter Events using the name of the sender who triggered the Event.
teams.team_name
This operator allows you to filter Events using the name of the team in which the Event occurred.
teams.team_sensitivity
Zendesk
zendesk.current_user_role
This operator allows you to filter Events using the name of the current user who triggered the Event.
zendesk.ticket_group_assignee
This operator allows you to filter Events using the name of the group to which the Event ticket is assigned.
zendesk.ticket_status
This operator allows you to filter Events using the Zendesk ticket status.
zendesk.ticket_title
This operator allows you to filter Events using the name of the ticket.