Event Filter Operators

Learn more about the search operators provided by Nightfall, to filter Events.

This document describes all the operators provided by Nightfall to perform search operations on the Events page. You can use these operators to search for specific Events.

Nightfall provides you with two types of operators which are described in the following sections.

General Operators

Operator Name
Description

annotation_comment

This operator allows you to filter Events using the annotation comments.

annotation_type

confidence

This operator allows you to filter Events using the Confidence level which can either be Possible, likely, or Very Likely.

detection_rule_id

This operator allows you to filter Events using the unique detection rule ID.

detector_id

This operator allows you to filter Events using the unique detector ID.

file_name

This operator allows you to filter Events using the name of the file that triggered the violated

file_type

This operator allows you to filter Events using the type of file that triggered the violation.

integration_name

This operator allows you to filter Events using the integration name.

policy_id

This operator allows you to filter Events using the unique ID of the policy.

policy_name

This operator allows you to filter Events using the name of the policy.

post_context

pre_context

quote

This operator allows you to filter Events using the quote.

user_email

This operator allows you to filter Events using the email ID.

user_name

This operator allows you to filter Events using the name of the user who triggered the Event.

violation_id

This operator allows you to filter Events using the unique ID of the Event.

Integration Operators

Confluence Operators

Confluence.parent_page_name

This operator allows you to filter violations using the Confluence page's parent page name in which the Event was discovered.

Confluence.space_name

This operator allows you to filter Events using Confluence's space name in which the Event was discovered.

GitHub Operators

GitHub.author_email

This operator allows you to filter Events using the Email ID of the GitHub user who triggered the Event.

GitHub.branch

This operator allows you to filter Events using the name of the GitHub branch in which the Event was triggered.

GitHub.commit

This operator allows you to filter Events using the GitHub commit ID in which the Event was discovered.

GitHub.org

This operator allows you to filter Events using the GitHub organization name in which the Event was discovered.

github.repository

This operator allows you to filter Events using the GitHub repository name in which the Event was discovered.

github.repository_owner

This operator allows you to filter Events using the name of the GitHub repository owner in which the Event was discovered.

JIRA Operators

jira.project_name

This operator allows you to filter Events using the name of the JIRA project in which the Event was discovered.

jira.ticket_number

This operator allows you to filter Events using the ticket number of the JIRA in which the Event was discovered.

Notion Operators

notion.created_by

This operator allows you to filter Events using the name of the user who created the notion page in which the Event was discovered.

notion.last_edited_by

This operator allows you to filter Events using the name of the user who last edited the notion page in which the Event was discovered.

Notion.page_title

This operator allows you to filter Events using the title of the page in which the Event was discovered.

notion.workspace_name

This operator allows you to filter Events using the name of the Notion workspace in which the Event was discovered.

Slack Operators

Slack.channel_id

This operator allows you to filter Events using the ID of the Slack channel in which the Event was discovered.

Slack.channel_name

This operator allows you to filter vEvents using the name of the Slack channel in which the Event was discovered.

slack.workspace

This operator allows you to filter Event using the name of the Slack Workspace in which the Event was discovered.

MS Teams

teams.channel_name

This operator allows you to filter Events using the name of the channel in which the Event was discovered.

teams.channel_type

This operator allows you to filter Events using the channel type name in which the Event was discovered.

teams.msg_attachment

teams.msg_importance

teams.sender

This operator allows you to filter Events using the name of the sender who triggered the Event.

teams.team_name

This operator allows you to filter Events using the name of the team in which the Event occured.

teams.team_sensitivity

Zendesk

zendesk.current_user_role

This operator allows you to filter Events using the name of the current user who triggered the Event.

zendesk.ticket_group_assignee

This operator allows you to filter Events using the name of the group to which the Event ticket is assigned.

zendesk.ticket_status

This operator allows you to filter Events using the Zendesk ticket status.

zendesk.ticket_title

This operator allows you to filter Events using the name of the Ticket.

Last updated